DNS

Tech Optimizer
July 2, 2025
NordVPN's Threat Protection Pro feature has successfully blocked 90% of phishing websites in independent testing by AV-Comparatives, making it the only VPN with certified phishing protection. This feature has been recognized for two consecutive years for its effectiveness in detecting phishing attempts, surpassing the 85% threshold required for certification. Threat Protection Pro is available to subscribers of NordVPN Plus, Complete, and Ultra plans, while Basic tier users only have access to a DNS filter. NordVPN has also ranked third among 35 competitors for avoiding online shopping scams in 2024 and achieved a 99.8% malware protection rate according to testing by West Coast Labs.
Winsage
June 27, 2025
Administrators use the Dynamic Host Configuration Protocol (DHCP) service to manage IP address configurations for clients efficiently. Deploying multiple DHCP scopes on a single server is more practical than having separate servers for each subnet. DHCP operates through a four-step lease process: discover, offer, request, and acknowledge. To install a DHCP server, the PowerShell cmdlet Install-WindowsFeature DHCP -IncludeManagementTools is used, and the server must be authorized in Active Directory. A single DHCP server can manage multiple scopes, each with specific configurations for different subnets, such as DevNet, ProdNet, SalesNet, and EngineersNet. Each scope can have unique IP address ranges and settings, and additional scopes can be created by adding network interface cards (NICs) to the server. Server options apply globally, while scope options are specific to individual scopes. Reserved IP addresses can also be configured within each scope.
Tech Optimizer
June 21, 2025
The Amazon Aurora PostgreSQL-Compatible Edition supports managed blue/green deployments to minimize downtime and risks during updates. This deployment strategy involves creating a staging environment (green) that mirrors the production database (blue) through logical replication. The blue environment represents the current production database, while the green environment incorporates updates without changing the application endpoint. After validating changes, the green environment can be promoted to production. In case of issues post-upgrade, a rollback plan is essential, as the managed blue/green deployment feature does not provide built-in rollback functionality. A manual rollback cluster can be established using self-managed logical replication to maintain synchronization with the new version after a switchover. Before the switchover, two clusters exist: the blue cluster (production) and the green cluster (staging). After the switchover, three clusters are present: the old blue cluster (original production), the new blue cluster (updated production), and the blue prime (rollback) cluster (a clone of the old blue cluster). To implement the solution, prerequisites include a cluster parameter group for the new version database with logical replication enabled and familiarity with the Aurora cloning feature. The process involves creating a blue/green deployment, stopping traffic on the blue cluster, performing the switchover, deleting the blue/green deployment, cloning the old blue cluster to create the blue prime cluster, and establishing logical replication from the new blue cluster to the blue prime cluster. Limitations of the managed blue/green deployment include the inability to replicate certain DDL operations and the need to handle endpoint changes manually if a rollback is required. Setting up the rollback cluster incurs additional downtime. 
To roll back to the blue prime cluster, application traffic must be ceased, the application or DNS records updated, the subscription on the blue prime cluster dropped, and sequence values manually updated if necessary. This process is not automatic and requires careful planning and testing. In production, it is advisable to retain the new blue prime cluster until all applications have transitioned successfully, and the old blue cluster can be backed up for compliance before deletion. For testing purposes, all clusters should be deleted to avoid additional charges.
Winsage
June 20, 2025
In this week's episode of The Full Nerd, hosts Adam Patrick Murray, Alaina Yee, Will Smith, and guest Mike Danseglio discuss the end of Windows 10 and its security implications, the rise of scams, and various online security concerns. They explore users' transitions to Windows 11 and Linux, as well as vulnerabilities in communication methods. A recent vulnerability allows hackers to steal encryption keys from AMD Ryzen CPUs, prompting firmware updates for users of the Ryzen 3000 series or newer. Asus Armoury Crate users are advised to update due to a critical flaw that could grant hackers administrative rights. Cloud gaming is gaining traction among gamers under 40, provided latency issues are resolved. DDR4 memory prices are rising, indicating a decline of AMD's AM4 platform. Anker has recalled older power banks due to fire hazards, and Framework has launched a new 2-in-1 DIY laptop. AMD has shared promising benchmarks for its upcoming Ryzen Threadripper 9000 series.
Winsage
June 16, 2025
CVE-2025-33073 is a Windows authentication relay attack vulnerability with a CVSS score of 8.8, indicating high severity. It allows attackers to gain SYSTEM privileges on affected systems. Currently, there is no evidence of active exploitation, but the public disclosure raises concerns. Exploitation involves executing a malicious script that makes the victim's machine connect to the attacker's system using SMB. Security researchers have described it as an authenticated remote command execution on machines that do not enforce SMB signing. Microsoft has released a fix as part of the June Patch Tuesday security updates to address this vulnerability.
Tech Optimizer
June 14, 2025
A new browser-based malware campaign exploits trusted domains like Google.com to bypass traditional antivirus defenses. The malware operates through an e-commerce site using a manipulated Google OAuth logout URL, which executes an obfuscated JavaScript payload. This script activates silently during checkout or when the browser appears automated, opening a WebSocket connection to a malicious server. Payloads are dynamically executed using JavaScript, enhancing the threat's effectiveness. The attack evades detection by many antivirus programs due to its obfuscation and conditional activation. DNS filters and firewall rules offer limited protection since the initial request goes to a legitimate domain. Advanced users may use content inspection proxies or behavioral analysis tools to detect anomalies, but average users remain vulnerable. Recommendations to mitigate risks include limiting third-party scripts and maintaining separate browser sessions for financial transactions.
Winsage
June 12, 2025
Microsoft has released a patch, KB5060842, on June 10, 2025, to address a vulnerability in Windows Server 2025 that affected Active Directory Domain Controllers' ability to manage network traffic after system restarts. This issue stemmed from the improper initialization of domain firewall profiles during startup, leading to service interruptions and authentication failures. The patch corrects the initialization sequence of these profiles, ensuring proper network traffic management post-restart. Organizations using Windows Server 2025 are advised to implement this update to maintain the reliability of their Active Directory services.
AppWizard
June 6, 2025
Packet is a Linux application developed in Rust with a GTK4/libadwaita interface designed for wireless file transfer between Android and Linux devices. It utilizes Android's Quick Share feature, requiring devices to have Bluetooth enabled and be connected to a compatible Wi-Fi network. Users can easily send files by dragging and dropping them in Packet or using the Quick Share option on Android. The app allows customization of device names, visibility, download folders, and can run in the background. Packet is available for installation from Flathub or can be built from source on GitHub.
Tech Optimizer
May 23, 2025
Cloudflare, in collaboration with Microsoft and international law enforcement, has dismantled the infrastructure of LummaC2, an information-stealing malware service. This initiative led to the seizure and blocking of malicious domains and disrupted digital marketplaces used by criminals. Lumma Stealer operates as a subscription service providing threat actors access to a central panel for customized malware builds and stolen data retrieval. The stolen information includes credentials, cryptocurrency wallets, and sensitive data, posing risks of identity theft and financial fraud. Lumma Stealer was first identified on Russian-language crime forums in early 2023 and has since migrated to Telegram for distribution. Its proliferation is facilitated by social engineering campaigns, including deceptive pop-ups and bundled malware in cracked software. Cloudflare implemented measures to block access to Lumma's command and control servers and collaborated with various authorities to prevent the criminals from regaining control. Mitigation strategies for users include restricting unknown scripts, limiting password storage in browsers, and using reputable endpoint protection tools. The operation has significantly hindered Lumma's operations and aims to undermine the infostealer-as-a-service model contributing to cybercrime.