cyberattacks Archives

Winsage

May 2, 2025

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

The tech community is celebrating the first "World Passkey Day," moving away from "World Password Day," with Microsoft and other organizations committing to the Passkey Pledge to promote passkey adoption. Microsoft has developed passkeys as a secure authentication method, replacing traditional passwords and allowing access via facial recognition, fingerprints, or PINs. Over 99% of users now prefer Windows Hello for sign-ins, and hundreds of websites support passkeys, which are resistant to phishing. Last year, there were 7,000 password attacks every second, highlighting the urgency of this transition. Microsoft has introduced passkey support for consumer applications, achieving nearly a million registrations daily, with passkey sign-ins being three times more successful and eight times faster than traditional methods. New Microsoft accounts will be created without passwords by default, and the sign-in process will prioritize passwordless methods. Currently, over 15 billion user accounts can use passkeys, with a goal to transition billions more.

Winsage

May 1, 2025

Microsoft RDP apparently lets you log in with expired passwords – and it apparently doesn’t have plans to fix the issue

Security researcher Daniel Wade has revealed that Microsoft’s Remote Desktop Protocol (RDP) allows users to log into systems using previously revoked passwords, raising concerns about user security. Wade highlights that this feature undermines the trust users place in password management, as changing passwords is expected to prevent unauthorized access. This issue affects a wide range of users, from individuals to employees in small businesses and hybrid work environments. Despite the increasing sophistication of cyberattacks on password managers, Microsoft has stated it will not change this RDP functionality.

Winsage

April 29, 2025

Microsoft’s AI Secretly Copying All Your Private Messages

Microsoft is relaunching its AI-driven feature, Recall, which continuously captures background screenshots on Copilot+ PCs optimized for AI functionalities. Initially introduced in May, Recall was retracted due to privacy concerns over unencrypted storage of screenshots containing sensitive user data. After testing through Microsoft's Insider program, Recall has been updated to encrypt the screenshot database and requires users to opt in to save screenshots. However, it still poses risks by potentially capturing sensitive information from communications without the knowledge of other parties involved. Security researcher Kevin Beaumont has noted that the sensitive information filter is unreliable, and the encrypted database is only secured by a basic four-digit PIN. Beaumont's testing revealed that Recall indexed everything it stored, including ephemeral messages and images. He cautioned users to check if Recall is enabled when discussing sensitive topics with others on Windows PCs.

Tech Optimizer

April 27, 2025

Why aren’t there antivirus apps for the iPhone?

In recent years, the belief that iOS devices are "immune" to viruses has been challenged as cybercriminals increasingly target these platforms. Apple’s security measures, including sandboxing, help isolate apps to prevent the spread of malware. The App Store is strictly controlled, with Apple reviewing apps for security compliance, resulting in few harmful applications being reported. Antivirus software available in the App Store, from companies like McAfee and Norton, operates under the same constraints as other apps and cannot directly access the operating system kernel. Users are advised to avoid jailbreaking their devices, enable automatic updates, and take precautions such as avoiding public charging stations and regularly reviewing app permissions. Utilizing a password manager or VPN can enhance security, and those who have experienced data breaches may consider identity theft protection.

Winsage

April 14, 2025

No Reboot Security Updates Come To Windows 11 — But There’s A Catch

Microsoft has introduced a "hotpatching" feature for Windows 11 that allows security updates to be installed in the background without requiring a reboot. This feature is currently limited to Windows 11 Enterprise, version 24H2, for x64 devices with AMD or Intel CPUs, and requires Microsoft Intune for deployment. The 0patch micro-patching service offers an alternative for users outside the enterprise, providing fixes directly in memory and free zero-day micro patches.

Winsage

April 7, 2025

Five reasons why every business needs Windows 11

Windows 10 will reach its end of support on October 14, 2025, leaving organizations without essential security updates and exposing them to cyber risks. Upgrading to Windows 11 on HP PCs with Intel® Core processors enhances security, improves system stability, reduces IT support strain, boosts employee productivity, and avoids the costs associated with delayed migration. BPC Commercial offers assistance for a smooth transition to Windows 11.

Winsage

April 4, 2025

Hotpatch Updates Come To Windows, Reducing Downtime

Microsoft has introduced hotpatch updates for Windows 11 Enterprise, version 24H2 for x64 (AMD/Intel) CPU devices, aimed at reducing downtime caused by system updates. Administrators can create a hotpatch-enabled quality update policy within the Windows Autopatch framework via the Microsoft Intune console, allowing eligible devices to automatically enroll in this update cycle. Hotpatch updates enable swift implementation of security measures without disruptive reboots, while devices on Windows 10 and earlier will continue to receive standard monthly security updates. Feedback from users has been positive, with many noting the immediate application of security updates as a significant advantage.

Winsage

April 2, 2025

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.

Tech Optimizer

April 2, 2025

Shield up to 5 devices from the evil internet with McAfee Total Protection

McAfee Total Protection offers a two-year subscription for less than , covering up to five Apple devices, significantly reduced from the regular price of 9. The subscription includes AI-powered antivirus protection, a virtual private network, web protection, identity theft protection, and personalized safety education. It also features a password manager, personal data exposure protection, and credit monitoring. This limited-time offer allows stacking of codes for up to ten years of coverage, but the software can only be added to a maximum of five devices at once.

Tech Optimizer

March 31, 2025

Traditional EDR can’t keep up with modern cyber threats

By 2025, the global cost of cybercrime is projected to reach .5 trillion annually. Many organizations continue to use outdated Endpoint Detection and Response (EDR) solutions, which are increasingly ineffective against sophisticated cyber threats. EDR was introduced in 2013 but has struggled to keep pace with evolving attack techniques. Traditional EDR is reactive, responding to incidents after they occur, and relies on known Indicators of Compromise (IoCs), which limits its effectiveness. Real-world examples of traditional EDR failures include a misconfigured update to CrowdStrike’s Falcon EDR causing an IT outage, the Akira ransomware exploiting an unsecured webcam, the Medibank breach despite multiple alerts from EDR, and the BlackCat ransomware attack on Henry Schein. These incidents highlight the inadequacy of traditional EDR in preventing modern threats. The next phase of endpoint security is Preemptive Endpoint Protection (PEP), which actively prevents attacks rather than just detecting and responding to them. PEP utilizes proactive strategies like Automated Moving Target Defense (AMTD) and Adaptive Exposure Management (AEM), and research indicates that organizations using proactive security save 30% more on breach costs compared to those relying solely on reactive measures.