disruption Archives

Tech Optimizer

May 23, 2025

Cloudflare, Microsoft & police disrupt global malware service

Cloudflare, in collaboration with Microsoft and international law enforcement, has dismantled the infrastructure of LummaC2, an information-stealing malware service. This initiative led to the seizure and blocking of malicious domains and disrupted digital marketplaces used by criminals. Lumma Stealer operates as a subscription service providing threat actors access to a central panel for customized malware builds and stolen data retrieval. The stolen information includes credentials, cryptocurrency wallets, and sensitive data, posing risks of identity theft and financial fraud. Lumma Stealer was first identified on Russian-language crime forums in early 2023 and has since migrated to Telegram for distribution. Its proliferation is facilitated by social engineering campaigns, including deceptive pop-ups and bundled malware in cracked software. Cloudflare implemented measures to block access to Lumma's command and control servers and collaborated with various authorities to prevent the criminals from regaining control. Mitigation strategies for users include restricting unknown scripts, limiting password storage in browsers, and using reputable endpoint protection tools. The operation has significantly hindered Lumma's operations and aims to undermine the infostealer-as-a-service model contributing to cybercrime.

Winsage

May 22, 2025

Microsoft fires employee who interrupted CEO’s speech to protest AI tech for Israeli military

An employee named Joe Lopez was terminated after protesting during Microsoft's Build developer conference, expressing concerns about the company's technology being used in the Gaza conflict. His disruption led to a series of pro-Palestinian protests at the event, resulting in multiple interruptions of executive talks and Microsoft cutting audio from a livestreamed session. Outside the venue, demonstrators gathered to amplify their message. Microsoft has a history of responding firmly to employee protests related to its operations in Israel and recently acknowledged providing AI services to the Israeli military but stated that there is no evidence of its technologies being used to target civilians. Following his protest, Lopez received a termination letter that he could not open, and an advocacy group claims Microsoft has restricted internal communications regarding terms like “Palestine” and “Gaza.” Microsoft has not commented on the protests during the conference.

Winsage

May 22, 2025

Microsoft Says It’s Censoring Employee Emails Containing the Word “Palestine”

Employees at Microsoft have reported issues with emails containing specific keywords related to the Gaza conflict, such as “Palestine,” “Gaza,” “apartheid,” and “genocide,” which were either delayed or missing, while emails with the word “Israel” were unaffected. Delays of up to 45 minutes were noted, and the term “Palestinian” did not trigger the same issues. Microsoft spokesperson Frank Shaw stated that the company manages politically charged emails and discourages non-work-related discussions. The company's actions have faced criticism for being overly restrictive, especially following employee protests against Microsoft's contracts with the Israeli government. Reports indicated increased use of Microsoft’s Azure services by the Israeli military during the conflict, although Microsoft claimed no evidence of its technology being used to cause harm was found.

Winsage

May 22, 2025

Palestinian developer disrupts Microsoft keynote: ‘my people are suffering’

Microsoft's Build developer conference experienced protests for two consecutive days due to the company's ties to Israel. During a keynote by Jay Parikh, a Palestinian tech worker interrupted to express concerns about Microsoft's contracts with the Israeli government, calling for an end to the collaboration. Security removed the protester, who was supported by the group No Azure for Apartheid. The previous day, Microsoft employee Joe Lopez also interrupted a keynote to speak against the company's contracts with Israel, urging colleagues to speak out. Microsoft is conducting an internal review of its technology's role in the Gaza conflict, maintaining that its relationship with Israel's Ministry of Defense is commercial and that its technologies are not misused. This follows previous instances of dissent within Microsoft, including disruptions at a 50th-anniversary event.

Winsage

May 22, 2025

Microsoft blocks emails that contain ‘Palestine’ after employee protests

Microsoft employees have discovered that emails containing specific terms related to Gaza and Palestine, such as “Palestine,” “Gaza,” and “Genocide,” are being blocked in the company's internal communication system. Variations of these terms, like “Israel” or “P4lestine,” do not face the same restrictions. The No Azure for Apartheid (NOAA) protest group claims this selective blocking is an attempt to suppress free speech among employees advocating for Palestinian rights, labeling it as censorship. Microsoft has acknowledged making adjustments to its email system to limit the circulation of “politically focused emails” and stated that emailing large numbers of employees about non-work-related topics is inappropriate. This situation has coincided with protests against Microsoft's contracts with the Israeli government, including disruptions during the Build developer conference.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 21, 2025

Windows 10’s latest update packs a nasty bug, and while your system might be safe, it’s vital you check now

Windows 10 users are experiencing issues with the May update, which has a bug affecting business laptops with Intel vPro processors. This bug can cause update installation failures and repeated automatic repair attempts. Microsoft has released an emergency fix, KB5061768, which users should apply before installing the May update. The problem stems from the termination of the lsass.exe service, leading to automatic repair failures and potential lockouts for users with Device Encryption or BitLocker. To recover, users may need to disable Intel Trusted Execution Technology (TXT) and Intel VT for Direct I/O in BIOS settings, which typically requires the BitLocker recovery key. A workaround allows users to disable Intel TXT without changing Intel VT settings. Users can access BIOS by pressing keys like F2, F10, or F12 during startup, navigate to the Intel TXT setting, disable it, and then restart their PC to install the emergency patch. It is recommended to install the emergency fix before downloading the May update. Similar bugs have occurred in previous updates for Windows 10 and 11. Windows 11 users should note that a clean install of version 24H2 automatically applies Device Encryption, which requires careful management of Microsoft account credentials for recovery keys.

AppWizard

May 16, 2025

Google Maps has stopped showing alternate routes on app, Android Auto for some

Users are currently unable to view alternate routes on Google Maps for both mobile applications and Android Auto, a functionality that typically shows faster or slower route options. This issue has been reported by numerous users on forums and social media, and tests confirm that the Pixel 9 Pro Fold also does not display these suggestions when connected to Android Auto. The cause of the problem is unclear but may be related to recent software updates. There are also reports of lagging issues with Google Maps on CarPlay, although it is uncertain if the alternate route problem affects that platform.

Winsage

May 15, 2025

Windows 10 is dying, hardware is pricey, and Citrix says VDI will save you

Citrix is promoting its virtualization platforms to address rising hardware costs and upcoming U.S. tariffs effective April 2025. Vice President Philipp Benkler suggested that organizations could extend the lifespan of existing hardware by using eLux, an operating system acquired from Unicon. As businesses face the end-of-life for Windows 10 and the transition to Windows 11, Citrix advocates for deploying centrally managed remote desktops from existing endpoints through its virtual desktop infrastructure (VDI) platform. However, VDI implementation can face challenges such as "boot storms," which may lead to performance issues. Citrix recommends its NetScaler platform to manage these challenges without requiring additional hardware. While Citrix's approach aims to mitigate tariff-related costs, the company has increased its licensing prices, necessitating careful evaluation by organizations considering VDI. Security concerns also arise with NetScaler, as it is often targeted by cybercriminals, potentially introducing vulnerabilities. The effectiveness of Citrix's solution depends on each organization's IT landscape, budget, and ability to manage technical complexities.

AppWizard

May 14, 2025

Nextcloud cries foul over Google Play Store app rejection

Nextcloud, a European software vendor, has raised concerns about Google's treatment of its Android Files application, which has over 800,000 users. The issue centers on the "All files access" permission, which was revoked by the Play Store in 2024, impairing the app's functionality. Nextcloud argues that alternatives like the Storage Access Framework (SAF) and MediaStore API are inadequate for their needs. The app has been able to read and write all file types since its launch in 2016 without security concerns from Google until the recent revocation. Nextcloud claims that Google's policies are stifling competition and that they have faced bureaucratic inefficiencies in addressing their complaints. Despite having a fully functional version on F-Droid, the Google Play version is restricted. Nextcloud has previously lodged a complaint with the EU regarding Microsoft's anti-competitive behavior, and they express frustration over the lack of action taken. They believe larger tech companies are trying to suppress smaller competitors.