experts

Tech Optimizer
May 29, 2025
Xanthorox is an AI developed in 2023 by an anonymous creator, claiming to surpass WormGPT and EvilGPT. It promotes itself as a tool for illicit online activities, offering features like ransomware creation, deepfake generation, phishing email production, and malware development. The AI operates on open-source models without typical security measures, allowing for unregulated content generation. Its pricing includes a free tier for limited features and negotiable rates for full access. Security experts note that while Xanthorox is effective, its actual impact on large-scale cybercrime is uncertain. The legality of Xanthorox stems from its open-source nature, which allows for its use as long as it does not violate laws, although using it for illegal activities remains unlawful.
BetaBeacon
May 29, 2025
New functionality is coming to Android Auto, including video playback and web browsing, but these features will only be accessible when the car is parked. Video playback will only work on supported apps and compatible cars, and the user's phone needs to be running Android 16. Game play support is available for beta testers, but it is unclear when these features will be available to the general public. Vehicles with Android Automotive OS already have access to video playback, with audio-only playback while driving coming soon. Google Gemini, a voice-activated AI search assistant, will replace Google Assistant in the coming months. Weather apps are now approved for Android Auto.
Tech Optimizer
May 28, 2025
Cybercriminals are executing a sophisticated malware campaign through a counterfeit Bitdefender antivirus website, specifically the domain “bitdefender-download[.]co,” which mimics the legitimate site. This fraudulent site distributes three types of malware: VenomRAT, StormKitty, and SilentTrinity, aimed at stealing financial data and maintaining persistent access to victims’ computers. When users click the “Download For Windows” button, they inadvertently download a ZIP file containing these malicious programs. VenomRAT acts as a remote access tool, allowing attackers to steal files, cryptocurrency wallets, and browser data, including credit card information. StormKitty quickly harvests sensitive credentials, while SilentTrinity provides stealthy long-term access for further exploitation. The fake Bitdefender site is linked to other malicious domains impersonating banks, indicating a coordinated phishing operation. The attackers utilize the same command and control infrastructure, with the IP address 67.217.228.160:4449 identified as a connection point. Bitdefender is working to take down the fraudulent site, and Google Chrome has begun flagging the link as malicious. Security experts recommend verifying website authenticity and downloading software only from official sources.
Tech Optimizer
May 28, 2025
M&S shoppers are being urged to enhance their online security following a cyber attack that disrupted customer services. The retailer has acknowledged ongoing challenges, stating that it cannot process online orders, although stores remain open. Sensitive customer information, including phone numbers, email addresses, and order histories, was compromised in the breach. Security expert Luis Corrons from Norton recommends activating two-step verification for online accounts, being cautious about stored personal and payment information, deleting unused accounts, using strong passwords, and keeping devices and software updated to improve security. He emphasizes that cyber threats are increasingly targeting human behavior and that these security measures are essential for digital safety.
Winsage
May 28, 2025
On May 27, Microsoft released an out-of-band update, KB5061977, for Windows 11 version 24H2, elevating the operating system build to 26100.4066. This emergency patch addresses a security vulnerability currently being exploited, likely related to remote code execution or privilege escalation. The update is available through Windows Update, Windows Update for Business, WSUS, and the Microsoft Update Catalog. Organizations are urged to prioritize its installation, especially on publicly accessible or critical systems. The update focuses on security and reliability improvements, with no new features introduced. The issuance of this update outside regular maintenance windows presents challenges for IT administrators, emphasizing the need for proactive patch management strategies.
Winsage
May 27, 2025
Microsoft has announced new protective measures against potential quantum-powered cyber threats by rolling out post-quantum cryptography (PQC) capabilities for Windows Insiders using Canary Channel Build 27852 and higher, and for Linux users through SymCrypt-OpenSSL version 1.9.0. The newly introduced PQC algorithms, standardized by NIST, will evolve in response to emerging threats, emphasizing the need for "Crypto Agility." The updates enhance OpenSSL’s API surface for Linux developers, allowing experimentation with TLS hybrid key exchange. Experts warn that quantum computing could breach even the most robust encryption systems, highlighting the urgency for software companies to adapt their security measures.
AppWizard
May 27, 2025
A leaked Signal group chat, referred to as Signalgate, has raised concerns about national security and the use of messaging applications for sensitive information exchange. The incident involved former U.S. National Security Adviser Mike Waltz and Jeffrey Goldberg, the editor-in-chief of The Atlantic, who was mistakenly added to a chat meant for national security leaders discussing military operations. This breach has prompted discussions about the security protocols of digital communication tools used by government officials.