cybersecurity threats

Winsage
May 30, 2025
Microsoft is developing a Windows-native update orchestration platform to improve the software updating experience for IT administrators and end-users. This platform aims to streamline the management of updates across various applications and components within the Windows ecosystem, reducing confusion caused by independent updates for different products. Currently in private preview, developers can access the platform through Windows Runtime (WinRT) APIs and PowerShell commands by registering as update providers. The orchestrator will intelligently defer updates based on user activity and system performance, and it will automatically reschedule failed attempts. Additionally, Microsoft is introducing Windows Backup for Organizations to assist with the transition from Windows 10 to Windows 11. This feature simplifies the backup and restoration of settings for Windows 10 and 11 devices. To use this functionality, devices must be Microsoft Entra hybrid joined or Microsoft Entra joined and running a supported version of Windows. The restore feature is compatible only with Microsoft Entra joined devices running Windows 11, version 22H2 and later. The Windows Backup for Organizations feature is currently in a limited public preview for select members of the Microsoft Management Customer Connection Program.
Tech Optimizer
May 20, 2025
On June 24, 2025, a webinar will discuss how PostgreSQL can help government agencies modernize their IT infrastructures while maintaining security and managing costs. The session will cover PostgreSQL's capabilities in addressing legacy system migration, regulatory compliance, and its certifications like FedRAMP and DISA STIG that ensure it meets federal security standards. Gianni Cioli, a PostgreSQL consultant with over 15 years of experience, will be the speaker.
Winsage
May 14, 2025
Microsoft has confirmed multiple zero-day vulnerabilities that are being actively exploited. The most significant is CVE-2025-30397, a memory corruption flaw in the Windows scripting engine that affects all supported versions of Windows and allows code execution over the network. It carries a CVSS score of 7.8 (High). Successful exploitation requires the target to be running Edge in Internet Explorer Mode and to click a malicious link, so organizations that do not need IE Mode can reduce their exposure by disabling it through policy. Other vulnerabilities include:
- CVE-2025-32709: an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys), affecting Windows Server 2012 and later.
- CVE-2025-32701 and CVE-2025-32706: vulnerabilities in the Windows Common Log File System (CLFS) driver that allow a local attacker to gain SYSTEM privileges, affecting all versions of Windows.
- CVE-2025-30400: an elevation of privilege vulnerability in the Windows Desktop Window Manager, affecting Windows 10, Windows Server 2016 and later OS versions.
Windows users are urged to apply the latest security updates immediately.
AppWizard
May 6, 2025
Google is set to introduce a security feature called "Intrusion Detection" in its upcoming Android 16, aimed at enhancing user security against threats. This feature, found in a beta version of the Google Play Services app, will log encrypted entries of essential device information to help users identify suspicious activity. "Intrusion Detection" is expected to be part of the Advanced Protection Program, which includes measures against malicious downloads and supports passkey sign-ins, moving away from traditional passwords. The feature's development has progressed, but it is unclear if it will launch with Android 16 or later. Android 16 Beta 4 was released to testers in mid-April, leading up to the anticipated full launch in May 2025.
Tech Optimizer
May 5, 2025
X Business, an e-commerce store specializing in handmade home décor, experienced a cybersecurity incident involving a malware strain called Chimera. The attack began during a routine update to their inventory management system and escalated within 12 hours, resulting in halted customer orders, locked employee accounts, and a crashed website. The attackers demanded a ransom of 0,000 in cryptocurrency, threatening to expose sensitive customer data. Chimera is an AI-driven malware that adapts its code to evade detection, targeting both Windows and macOS systems. It exploited a zero-day vulnerability in Windows' Print Spooler service and bypassed macOS security measures by forging code signatures. The malware used social engineering tactics to deceive employees into activating malicious payloads, leading to compromised systems and encrypted customer data. The recovery process took 48 hours, utilizing cybersecurity tools like CrowdStrike Falcon and SentinelOne Singularity to identify and isolate the malware. Data restoration was achieved through Acronis Cyber Protect and macOS Time Machine, while vulnerabilities were addressed with Qualys and emergency patch deployment via WSUS. The network security framework was improved using Cisco Umbrella and Zscaler Private Access to implement a Zero Trust architecture. The incident highlights the need for small enterprises to adopt proactive cybersecurity strategies, including a 3-2-1 backup approach, Zero Trust models, investment in AI-driven defense tools, and employee training to recognize social engineering attempts.
AppWizard
May 2, 2025
Google's Play Store has undergone a significant overhaul, resulting in a 47% reduction in app listings due to stricter enforcement, enhanced developer verification, and AI-driven moderation. This change aligns Google more closely with Apple's curated ecosystem. New tools in the Play Console Insights are designed to improve app performance for developers. Apple has achieved a milestone in emissions reduction and is preparing for WWDC 2025 on June 9. Blizzard's Diablo 4 has introduced a new mechanic called Piranhado, and SEMO has launched a game development degree program. Nutrient is expanding its cloud services, and student-led initiatives are addressing cybersecurity threats in universities. AI developments include a smart builder for converting spreadsheets into applications and AutonomyAI's autonomous agent platform.
AppWizard
April 25, 2025
Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by the cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories:
1. Standard messaging apps with hidden Trojans: these apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and the list of installed apps.
2. Apps exploiting accessibility features: apps like Wave Chat abuse Android's accessibility services to intercept communications from secure messaging platforms and to record phone calls, keystrokes, and ambient sound.
3. A single non-messaging app: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft.
The 12 malicious Android apps identified are Rafaqat, Privee Talk, MeetMe, Let's Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.
Winsage
April 17, 2025
CVE-2025-24054 is an NTLM hash disclosure vulnerability: a crafted file causes the victim's machine to authenticate to an attacker-controlled SMB server, leaking the NTLMv2-SSP response (user name, domain, the server's challenge and the NTProofStr computed from the user's password hash), which the attacker can then crack offline. Active exploitation has been observed since March 19, 2025, targeting government and private-sector organizations in Poland and Romania. The attacks use phishing emails that lead victims to download an archive file containing files crafted to trigger the leak. Microsoft has released patches for this vulnerability, but users on older, unsupported versions may need to consider micropatching. Independently of the patch, blocking outbound SMB (TCP 445) at the network edge and restricting or auditing NTLM use limit the impact of this and similar NTLM-leak bugs, since the leak only succeeds if the victim can reach the attacker's SMB server.