enterprise security

AppWizard
April 10, 2025
A report from DomainTools LLC reveals that cybercriminals are using newly registered domains to distribute the SpyNote Android remote access trojan (RAT) through fake websites that imitate legitimate Google Play app installation pages. The counterfeit pages borrow familiar visual elements to persuade visitors to download malicious APK files; one example mimics the TikTok install page. The downloaded files typically carry variants of SpyNote, which can conduct surveillance, harvest sensitive information, and execute remote commands on compromised devices. Delivery is a two-stage process: JavaScript behind the fake install button triggers the download of a dropper APK, which in turn installs a second APK containing the core spyware functionality. The distribution domains share common traits: registration through NameSilo LLC and XinNet Technology Corp., hosting on infrastructure linked to Lightnode Ltd and Vultr Holdings LLC, and valid TLS certificates. The delivery sites contain code in both English and Chinese, suggesting a Chinese-speaking threat actor may be involved. SpyNote has previously been associated with advanced persistent threat groups targeting individuals in South Asia, including the Indian defense sector. Once installed, SpyNote requests intrusive permissions covering SMS, contacts, call logs, camera, microphone, and location, and uses persistence mechanisms that make it difficult to remove. DomainTools advises users to be wary of spoofed app pages and to avoid sideloading APKs from unverified sources.
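The two traits the report describes, a dropper carrying a second APK and a manifest full of intrusive permissions, can both be checked statically before an APK is installed. The following is an added illustration written for this page, not DomainTools' tooling or anything from the report; the permission list, asset directories and scoring are the editor's assumptions, and the sample APKs are constructed in memory. It relies on a property of Android's compiled manifest (binary XML whose string pool is UTF-16LE by default), so permission names are located by searching for both encodings rather than parsing the full format.

```python
"""Static triage of an APK for the SpyNote-style dropper pattern.
Added example for this page; heuristics are assumptions, not a signature."""
import io
import zipfile

# Permissions the report says SpyNote asks for, plus accessibility, which
# RATs commonly abuse.  Standard Android constant names.
INTRUSIVE_PERMISSIONS = (
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
)
INSTALL_PERMISSION = "android.permission.REQUEST_INSTALL_PACKAGES"
PAYLOAD_DIRS = ("assets/", "res/raw/")  # assumed: where droppers stash stage two
ZIP_MAGIC = b"PK\x03\x04"               # an APK is a zip, whatever its name


def _has_string(blob, text):
    """Binary AndroidManifest.xml keeps strings in a UTF-16LE pool by
    default (UTF-8 if a flag is set), so check both encodings."""
    return text.encode("utf-16-le") in blob or text.encode() in blob


def manifest_permissions(manifest_bytes):
    """Intrusive permissions named anywhere in the manifest bytes."""
    return [p for p in INTRUSIVE_PERMISSIONS if _has_string(manifest_bytes, p)]


def embedded_payloads(zf):
    """Members under asset directories that are themselves zip/APK files,
    detected by magic bytes because droppers rename the payload."""
    hits = []
    for info in zf.infolist():
        if info.is_dir() or not info.filename.startswith(PAYLOAD_DIRS):
            continue
        with zf.open(info) as member:
            if member.read(4) == ZIP_MAGIC:
                hits.append(info.filename)
    return hits


def triage_apk(apk_bytes):
    """Return findings and a verdict: 'dropper', 'intrusive' or 'clean'."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
        manifest = zf.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
        perms = manifest_permissions(manifest)
        payloads = embedded_payloads(zf)
        wants_install = _has_string(manifest, INSTALL_PERMISSION)
    if payloads and wants_install:
        verdict = "dropper"          # stage one: carries and installs stage two
    elif len(perms) >= 3:
        verdict = "intrusive"        # stage two: surveillance permission set
    else:
        verdict = "clean"
    return {"verdict": verdict, "permissions": perms, "payloads": payloads,
            "requests_install": wants_install}


def build_sample_apk(permissions, with_payload):
    """Constructed test input: a minimal zip whose manifest stands in for the
    UTF-16LE string pool of a real binary manifest.  Not a real APK."""
    manifest = b"".join(p.encode("utf-16-le") + b"\x00\x00" for p in permissions)
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", b"dex\n035\x00")
        if with_payload:
            z.writestr("assets/update.bin", inner.getvalue())  # renamed inner APK
    return out.getvalue()


if __name__ == "__main__":
    stage_one = build_sample_apk([INSTALL_PERMISSION, "android.permission.INTERNET"], True)
    stage_two = build_sample_apk(INSTRUSIVE := list(INTRUSIVE_PERMISSIONS[:4]), False)
    for label, apk in (("stage one", stage_one), ("stage two", stage_two)):
        print(label, triage_apk(apk))
```

Run against a real sample, `triage_apk(open("app.apk", "rb").read())` gives the same dictionary; a "dropper" verdict is the cue to extract the asset and triage it in turn. Because the check is string-based it says nothing about a manifest that was obfuscated or about permissions requested at runtime, so treat a "clean" result as "nothing obvious", not as safe.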
Winsage
April 9, 2025
Microsoft has placed a compatibility hold on Windows 11 24H2 for devices running the sprotect.sys driver from SenseShield Technology, a kernel driver used for encryption protection in enterprise security software. The hold covers every version of sprotect.sys, although the failures reported so far involve versions 1.0.2.372 and 1.0.3.48903; affected machines can become unresponsive or show black or blue screen errors. Users are advised not to force the Windows 11 24H2 upgrade until the issue is resolved, and Microsoft is working with SenseShield on a fix. Microsoft has previously issued similar holds for problems involving Dirac Audio enhancement technology and AutoCAD 2022, which has raised concerns about the compatibility and stability of Windows 11 compared to Windows 10.
Winsage
April 8, 2025
Windows 11 version 24H2 is crashing for some users because of a conflict with a security driver named sprotect.sys, associated with SenseShield Technology. The conflict causes unresponsiveness and Blue Screen of Death (BSOD) errors and has been observed in particular with driver versions 1.0.2.372 and 1.0.3.48903. Microsoft has applied a safeguard hold, so systems with the driver are no longer offered the Windows 11 2024 Update through Windows Update, and advises against installing it manually with installation media or the Installation Assistant. Users already seeing blue screens can roll back to their previous Windows 11 version by uninstalling the update while the rollback window is still open. Microsoft is working with SenseShield to resolve the issue, and users are advised to watch the Windows Update page for notifications about a fix. Since its launch, Windows 11 24H2 has run into a series of bugs and compatibility issues, and the update has been blocked for many PCs as a result.
Winsage
November 20, 2024
Windows Subsystem for Linux (WSL) will introduce a new distribution architecture that allows IT professionals to create and distribute tailored distributions while adhering to enterprise security policies. WSL distributions will be installable from configurable source locations instead of relying on the Microsoft Store. These features are expected to be available for preview in the upcoming months. WinGet has integrated Entra ID in public preview, allowing IT professionals to manage access to the tool, ensuring only authorized personnel can install software. WinGet has also expanded its capabilities to enable enterprise customers to download line-of-business applications from any WinGet source using the new WinGet Download command, which is now generally available.
Winsage
October 12, 2024
Microsoft has warned Windows users about a rise in attacks that abuse legitimate file hosting services to slip past security controls. The campaigns lure victims to fraudulent websites built to harvest credentials, and Microsoft recommends Microsoft Edge, whose integration with Microsoft Defender SmartScreen blocks known malicious sites. Microsoft had previously urged Chrome users to update or stop using the browser because of a zero-day vulnerability, again encouraging a move to Edge. The attacks rely on trusted file-sharing platforms such as Dropbox and OneDrive, so the share notifications arrive from the legitimate service and users are more readily deceived into opening malicious files. Microsoft emphasizes pairing Edge with conditional access policies and Microsoft Defender. Separately, Microsoft is developing a privacy-preserving ads API for Edge that aims to improve user privacy while addressing the problems of third-party cookie tracking; the API is in limited preview and must be enabled manually in specific regions.
Winsage
October 9, 2024
Microsoft has warned Windows users about an increase in sophisticated attacks that use legitimate file hosting services to evade security measures. The attacks typically direct victims to fraudulent websites that steal credentials, exploiting trusted platforms such as Dropbox, SharePoint, and OneDrive. Microsoft recommends Microsoft Edge, which can block malicious websites automatically through Microsoft Defender SmartScreen, and advises enterprises to promote Edge and apply conditional access policies. A recent twist is that attackers share files with restricted access (the recipient must sign in to open them) and view-only settings (the file cannot be downloaded), so the notification email comes from the legitimate service and the lure cannot be fetched and inspected by security tooling. The end goal is usually the theft of organizational credentials for financial gain.
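The two warnings above (this one and the October 12 entry) describe the same lure: a file on a trusted host, shared with restricted access and view-only settings. The following is an added example for this page, not Microsoft's detection logic; it scores constructed share-notification records on those signals plus whether the sharer is an unknown external party, and groups notices into campaigns when one sharer pushes the same file to several mailboxes. The domain lists, weights and threshold are assumptions to be replaced with an organisation's own telemetry.

```python
"""Triage of file-share notification mail for the restricted + view-only lure.
Added example; field names, weights and domain lists are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed placeholders: hosting services whose notification mail your filters
# trust, partners you already exchange files with, and your own domain.
HOSTING_DOMAINS = {"sharepointonline.com", "dropbox.com", "onedrive.com"}
KNOWN_PARTNER_DOMAINS = {"partner.example"}
ORG_DOMAIN = "corp.example"
FLAG_THRESHOLD = 6  # assumed; internal or known-partner shares score below it


@dataclass(frozen=True)
class ShareNotice:
    recipient: str        # mailbox that received the notification
    notifier_domain: str  # domain the notification mail came from
    sharer: str           # account that shared the file
    file_name: str
    access: str           # "restricted" (must sign in), "org", or "anyone"
    view_only: bool       # download disabled


def score_notice(n):
    """Weighted signals; returns (score, reasons)."""
    score, reasons = 0, []
    if n.notifier_domain.lower() in HOSTING_DOMAINS:
        score += 1; reasons.append("delivered via trusted file host")
    if n.access == "restricted":
        score += 2; reasons.append("restricted access: recipient must authenticate")
    if n.view_only:
        score += 2; reasons.append("view-only: file cannot be downloaded for scanning")
    sharer_domain = n.sharer.rsplit("@", 1)[-1].lower()
    if sharer_domain != ORG_DOMAIN and sharer_domain not in KNOWN_PARTNER_DOMAINS:
        score += 2; reasons.append("sharer is external and not an allowlisted partner")
    return score, reasons


def find_campaigns(notices, min_recipients=3):
    """Same sharer and file hitting several mailboxes looks like a campaign."""
    groups = defaultdict(set)
    for n in notices:
        groups[(n.sharer.lower(), n.file_name)].add(n.recipient.lower())
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_recipients}


def triage(notices):
    """Flagged notices as (recipient, file, score, reasons) plus campaigns."""
    flagged = []
    for n in notices:
        score, reasons = score_notice(n)
        if score >= FLAG_THRESHOLD:
            flagged.append((n.recipient, n.file_name, score, reasons))
    return flagged, find_campaigns(notices)


# Constructed sample: a lure pushed from a compromised vendor mailbox to three
# staff, one normal partner share and one internal restricted share.
SAMPLE = [
    ShareNotice("alice@corp.example", "sharepointonline.com",
                "accounts@vendor-mail.example", "Q3_Audit_Report.pdf", "restricted", True),
    ShareNotice("bob@corp.example", "sharepointonline.com",
                "accounts@vendor-mail.example", "Q3_Audit_Report.pdf", "restricted", True),
    ShareNotice("carol@corp.example", "sharepointonline.com",
                "accounts@vendor-mail.example", "Q3_Audit_Report.pdf", "restricted", True),
    ShareNotice("dave@corp.example", "sharepointonline.com",
                "pm@partner.example", "SOW_v2.docx", "org", False),
    ShareNotice("erin@corp.example", "sharepointonline.com",
                "hr@corp.example", "payroll_q3.xlsx", "restricted", True),
]

if __name__ == "__main__":
    hits, campaigns = triage(SAMPLE)
    for hit in hits:
        print(hit)
    print("campaigns:", campaigns)
```

The internal payroll share scores 5 and is not flagged even though it is restricted and view-only, which is the point of weighting the sharer: those settings are normal for sensitive internal documents, and the alert should fire on the combination with an unknown external sharer, not on the settings alone.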
Winsage
September 28, 2024
Microsoft's Recall feature for Copilot+ AI PCs was designed to help users find past activity but drew backlash over the security implications of continuously screenshotting the user's screen. In response, Microsoft delayed the rollout to Windows Insider beta testers and announced stronger protections: Recall is now opt-in rather than enabled by default, access is gated by Windows Hello biometric authentication, and users can remove the feature entirely. Stored data is encrypted and processed inside VBS Enclaves, with rate limiting and anti-hammering measures against brute-force attempts and a fallback PIN available once Windows Hello has been configured. Recall does not retain private browsing data by default and filters sensitive content. Microsoft has engaged a third-party vendor for penetration testing and a security design review, and its own Microsoft Offensive Research and Security Engineering team has been testing the feature.
AppWizard
September 2, 2024
Global Secure Layer (GSL) mitigated a record Distributed Denial of Service (DDoS) attack against a Minecraft gaming server that peaked at 3.15 billion packets per second (Gpps) on August 25, 2024. At 849 Gbps it was the largest DDoS attack publicly recorded, exceeding previous records by 3.2 to 3.5 times. It was preceded by a smaller wave peaking at 1.7 Gpps that likely served as reconnaissance for the main assault. Traffic originated from regions including Russia, Vietnam, and Korea, with a large share coming from Korea Telecom's network and from MAX-G866ac devices affected by CVE-2023-2231. GSL's response included reconfiguring the targeted prefixes within 15 minutes and relying on a heuristic anomaly detection engine, which brought mitigation times below 100 milliseconds.