encrypted Archives

Winsage

November 7, 2024

Winos4.0 Malware Found in Game Apps, Targets Windows Users

A newly identified malware framework called "Winos4.0" targets Windows users through game-related applications. It is a sophisticated variant of Gh0strat, capable of executing remote actions and granting attackers control over compromised systems. Winos4.0 is distributed via seemingly harmless applications, which download a BMP file that extracts and activates the Winos4.0 DLL file. The malware establishes persistence by creating registry keys or scheduled tasks. Its capabilities include clipboard monitoring, system information gathering, and detection of antivirus software and security applications. Winos4.0 targets educational institutions, particularly in "Campus Administration." It maintains communication with command-and-control (C2) servers to download encrypted modules and receive commands for actions like document management and screen capture. Fortinet compares Winos4.0 to frameworks like Cobalt Strike and Sliver, noting its encrypted data exchanges and C2 communication. Users are advised to download applications only from reputable sources.

Winsage

November 7, 2024

New Winos4.0 Malware Targeting Windows via Fake Gaming Apps

Cybersecurity researchers at Fortinet’s FortiGuard Labs have identified a malware campaign named Winos4.0 that disguises itself as benign gaming applications targeting Microsoft Windows users. This malware framework is similar to threats like Cobalt Strike and Sliver. Users who download these applications inadvertently install Trojan horses that deploy the Winos4.0 framework, which has been found in various gaming-related tools. The malware appears to focus on the education sector, as indicated by its file description “校园政务” (Campus Administration). Winos4.0 is a re-engineered version of the Gh0stRat remote access trojan and consists of modular components for specific tasks. The attack begins with the retrieval of a BMP file from a remote server, leading to the extraction of a DLL file named “you.dll.” This file downloads additional files, including the main malicious file “libcef.dll,” which injects shellcode to establish a connection with a command and control (C2) server. The malware executes various tasks, such as monitoring system information and maintaining a connection to the C2 server. To protect against such threats, users are advised to download applications only from reputable sources, avoid third-party app stores, and scan new files before execution. Regular device scans are recommended, especially after downloading new content.

Winsage

November 6, 2024

5 tips for setting up BitLocker on Windows to secure your files

BitLocker drive encryption is a feature in Windows 11 that protects files from unauthorized access by encrypting the drive. It is enabled by default in Windows 11 Pro and higher editions, while a limited version is available in Windows 11 Home. Windows 11 automatically encrypts all fixed drives upon connection, and users should verify that all permanently attached drives are encrypted. Users can set drives to automatically unlock on the current PC or protect them with a password. BitLocker is a Windows-specific feature, making encrypted external drives inaccessible on other operating systems like macOS or Linux. Recovery keys for BitLocker-encrypted drives are automatically backed up for users with a Microsoft account, and it is recommended to create a Microsoft account for easier access to recovery keys. Users should also keep a second backup of the recovery key in case of internet outages, which can be printed or saved as a digital file.

Winsage

October 31, 2024

Microsoft just delayed Recall again

Microsoft has delayed the rollout of its Recall feature for Copilot Plus PCs, originally scheduled for testing with Windows Insiders in October, now pushed to December. The delay is due to the need for additional time to ensure a secure and reliable user experience. Recall was initially intended for a June launch but faced delays due to security concerns. The feature will be an opt-in experience, fully removable by users, and will not be automatically installed on PCs running Windows 11, version 24H2. Microsoft has focused on enhancing Recall's security, including fully encrypting its database and requiring Windows Hello authentication for access. Recall allows users to capture screenshots of their activities and revisit them through an interactive timeline.

Winsage

October 31, 2024

Microsoft is struggling to get Windows Recall out the door — delays releasing first public preview

Microsoft has postponed the rollout of the Windows Recall feature, now expected to preview in December instead of October. The feature was initially set to debut alongside Copilot+ PCs in June. The delay is due to security concerns regarding data storage management. Microsoft has identified significant vulnerabilities and is reassessing its launch timeline, having already delayed the feature for four months. When released, Windows Recall will include a robust security framework, with encrypted data and Windows Hello authentication required for access. Users can filter specific applications and websites, with default settings excluding sensitive information. The feature is unlikely to be available beyond the Insider Program until 2025, and the timeline for access on AMD and Intel Copilot+ PCs remains uncertain, with initial previews expected to launch on Snapdragon X devices in November.

Tech Optimizer

October 31, 2024

Beyond antivirus: Other essential tools to protect your Mac

Macs are facing an increasing number of cybersecurity threats, with malware targeting macOS rising from eight families in 2021 to 21 in 2023. To protect against these threats, users are advised to implement antivirus software, maintain regular backups using tools like Apple's Time Machine and cloud services, enable the built-in firewall, use password managers for secure password storage, and utilize a VPN for secure internet connections, especially on public Wi-Fi.

Tech Optimizer

October 31, 2024

Best Antivirus Software for Small Businesses in 2024

Small businesses often face challenges in selecting antivirus software, as personal tools may lack robustness and enterprise solutions can be complex and costly. There are antivirus solutions specifically designed for smaller companies. Six top antivirus software options tailored for small businesses include: 1. Bitdefender: - Starting price: .99 for 5 devices for 1 year. - Covers: macOS, iOS, Android, Windows, Windows Server. - Features: Unlimited VPN traffic, account breach monitoring, risk management, AI-powered Scam Copilot, integrated password management. 2. Norton: - Starting price: .99 a year for 6 devices. - Covers: Windows, macOS, iOS, Android. - Features: 24/7 customer support, password management, cloud backup, secure browser. 3. Trend Micro: - Pricing: Contact for customized quote. - Covers: Windows, macOS, iOS, Android. - Features: Endpoint detection, attack surface risk management, AI-driven threat intelligence. 4. ESET: - Starting price: .99 for 5 devices for 1 year. - Covers: Windows, macOS, iOS, Android, Linux. - Features: Certain plans include password manager. 5. Avira: - Starting price: .99 for 5 devices for 1 year. - Covers: Windows, macOS, iOS, Android. - Features: Unlimited VPN traffic, device cleaner, blocks unwanted spam calls. 6. Microsoft Defender: - Starting price: .75 per user per month. - Covers: Windows, macOS, Linux, iOS, Android. - Features: Built into Windows, integrates with Microsoft tools, automatic disruption of ransomware attacks. When choosing antivirus software, small businesses should assess their specific needs and budget, consider bundled plans for better value, utilize free trials, and schedule demo calls with sales teams for clarification.

AppWizard

October 28, 2024

Encrypted messaging apps: a persistent challenge in fighting organised crime

Approximately 700 officers from the Australian Federal Police executed arrest warrants as part of Operation Kraken, aimed at apprehending Jay Je Yoon Jung, the alleged mastermind behind the encrypted messaging application Ghost, used for organized crime. Ghost facilitated various illicit activities, including drug and weapon trafficking, with around 800 devices globally, 376 identified in Australia. The AFP learned about Ghost through Europol and collaborated with the US FBI and Royal Canadian Mounted Police to access its software. The operation highlighted challenges in disrupting encrypted communications, accelerating law enforcement's technological adoption, and preventing future exploitation by criminals. Australia's encryption laws allow law enforcement to access encrypted communications, sparking a debate on privacy and public safety. Continuous innovation, international collaboration, and training for law enforcement are essential to counter organized crime effectively.

Winsage

October 21, 2024

Beast Ransomware Attacking Windows, Linux, And ESXi Systems

Ransomware groups, such as Beast ransomware, have become significant threats in cybersecurity, utilizing advanced malware to encrypt data and demand ransoms. Beast ransomware, identified by Cybereason, has been active since 2022 and can target Windows, Linux, and ESXi operating systems. Originally developed in Delphi, it now uses C and Go. The ransomware employs elliptic-curve and ChaCha20 encryption techniques, features multithreaded file encryption, process termination, and shadow copy deletion on Windows. For Linux and ESXi, it offers customizable encryption paths and VM shutdown options. It spreads through phishing emails, compromised RDP endpoints, and SMB network scans, exploiting the RstrtMgr.dll for file access manipulation. Recent enhancements include an offline builder for configuring builds across various systems. The attack sequence starts with shadow copy deletion via a WMI query, followed by efficient file encryption targeting various file formats. A ransom note is placed in each affected directory, and users can access the ransomware's GUI during encryption. Recommendations to mitigate risks include tracking affiliates, promoting multi-factor authentication, enabling anti-malware solutions, implementing anti-ransomware measures, ensuring regular system patching, and backing up files.

AppWizard

October 20, 2024

Best enterprise messaging platform of 2024

The top five enterprise messaging platforms of 2024 are: 1. Slack - Rating: ★★★★★ - Pros: Intuitive interface, supports seamless collaboration. - Cons: Can be distracting. 2. Zoho Cliq - Rating: ★★★★½ - Pros: Affordable, easy to use. - Cons: Limited third-party integrations. 3. Microsoft Teams - Rating: ★★★★ - Pros: No extra cost for Microsoft 365 enterprise subscribers. - Cons: User interface needs improvement. 4. Google Workspace - Rating: ★★★★ - Pros: Intuitive interface, top-notch performance. - Cons: Limited control over data privacy. 5. RingCentral Video - Rating: ★★★★½ - Pros: High-quality video calls. - Cons: Expensive. Key features of an enterprise messaging app include instant and reliable messaging delivery, encryption, cloud storage, and a mobile app. When choosing an enterprise messaging platform, consider cost, security, ease of use, and performance. The evaluation process for selecting these platforms involved assessing feature sets, user experience, integration capabilities, customer support, scalability, and collaboration features.