We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

exploiting

New Security Warning After 1 Billion Windows Users Told Do Not Delete
Winsage
April 27, 2025

New Security Warning After 1 Billion Windows Users Told Do Not Delete

Microsoft's recent security update for Windows has raised concerns among users due to the introduction of a new vulnerability. The update, intended to address the CVE-2025-21204 vulnerability, inadvertently created a folder named inetpub, which Microsoft claims is essential for user protection. Security researcher Kevin Beaumont has warned that this update has introduced a denial of service vulnerability that allows non-admin users to halt future Windows security updates. Microsoft has classified the issue as moderate in severity and suggested that deleting the inetpub symlink and retrying the update may resolve the problem. The report has been forwarded to the Windows security team for potential further action.
How to disable the PC webcam and protect it from unauthorized access
Tech Optimizer
April 26, 2025

How to disable the PC webcam and protect it from unauthorized access

The webcam is a crucial tool for remote communication but poses privacy risks, particularly through a threat known as CamFecting, where unauthorized access can occur via malware, malicious websites, or system vulnerabilities. Preventive measures include using antivirus software, disabling the webcam when not in use, and physically covering the camera with privacy caps or tape. Signs of unauthorized access include unexpected illumination of the webcam light, unusual camera behavior, unknown files on the system, abnormal data consumption, and decreased battery life. To deactivate the webcam, users can adjust settings in major browsers and operating systems. Maintaining digital hygiene, such as regularly updating software, using security systems like firewalls and VPNs, and being cautious of phishing attempts, is essential to minimize risks.
12 Android apps secretly recorded your conversations
AppWizard
April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.
Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation
Winsage
April 22, 2025

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

A security vulnerability identified as CVE-2025-21204 has been discovered in the Windows Update Stack, allowing local attackers to execute unauthorized code and escalate privileges to SYSTEM-level access. This vulnerability, with a CVSS score of 7.8 (High), affects Windows 10 versions 1507, 1607, and 1809, among likely other supported Windows 10/11 and Windows Server versions. The flaw arises from a design issue where Windows Update processes do not properly follow directory junctions, enabling attackers with limited user privileges to redirect trusted paths to locations containing malicious code. Microsoft has introduced a mitigation strategy in its April 2025 cumulative update, which includes creating a new folder at the root of system drives and implementing detection rules for suspicious junction creations. Organizations are advised to apply the April 2025 security updates, restrict ACLs on specific directories, prevent symbolic link creation, and monitor file creation activities in certain directories.
Windows vulnerability with NTLM hash abuse exploited for phishing
Winsage
April 19, 2025

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows, identified as CVE-2025-24054, is being exploited in phishing campaigns targeting government and private organizations. Initially considered low-risk, it was addressed in Microsoft's March 2025 Patch Tuesday updates. Following the release of these patches, Check Point observed a rise in exploitation attempts, particularly linked to the Russian group APT28. Attackers sent phishing emails with Dropbox links containing .library-ms files, which, when accessed, connected to an external SMB server controlled by the attackers, allowing interception of NTLM hashes. A subsequent wave of attacks involved .library-ms files sent as direct attachments, requiring minimal user interaction to exploit the vulnerability. The malicious ZIP archive also contained files exploiting older NTLM vulnerabilities. Check Point identified the attackers' SMB servers with specific IP addresses. Despite being classified as medium-severity, the vulnerability's potential impact is significant, prompting organizations to apply the March 2025 updates and consider disabling NTLM authentication if not essential.
Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems
Winsage
April 17, 2025

Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, which involves NTLM hash disclosure through spoofing techniques. This flaw allows attackers to leak NTLM hashes, leading to privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate SMB authentication requests that expose NTLMv2-SSP hashes. Exploitation of this vulnerability began shortly after a security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns utilized spear-phishing emails containing malicious ZIP archives, which, when interacted with, leaked NTLM hashes. The malicious files included various types designed to initiate SMB connections to attacker-controlled servers, allowing for pass-the-hash attacks and privilege escalation. The stolen hashes were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
Winsage
April 17, 2025

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054 is a vulnerability that allows attackers to capture NTLMv2-SSP hashes from a victim's machine during authentication requests to an attacker-controlled SMB server. Active exploitation of this vulnerability has been observed since March 19, 2025, targeting government and private sectors in Poland and Romania. The attacks involve phishing emails that lead victims to download an archive file containing exploits designed to leak NTLMv2-SSP hashes. Microsoft has released patches for this vulnerability, but users on older, unsupported versions may need to consider micropatching.
Hackers find a way around built-in Windows protections
Tech Optimizer
April 16, 2025

Hackers find a way around built-in Windows protections

Windows Defender Application Control (WDAC) is a built-in security feature on Windows PCs that restricts the execution of unauthorized software by allowing only trusted applications. However, hackers have discovered multiple methods to bypass WDAC, exposing systems to malware and cyber threats. Techniques for bypassing WDAC include using Living-off-the-Land Binaries (LOLBins), DLL sideloading, and exploiting misconfigurations in WDAC policies. Attackers can execute unauthorized code without triggering alerts from traditional security solutions, enabling them to install ransomware or create backdoors. Microsoft operates a bug bounty program to address vulnerabilities in WDAC, but some bypass techniques remain unpatched for long periods. Users can mitigate risks by keeping Windows updated, being cautious with software downloads, and using strong antivirus software.
I abandoned third-party antivirus tools, and here's what I do instead
Tech Optimizer
April 12, 2025

I abandoned third-party antivirus tools, and here’s what I do instead

The author has transitioned from using third-party antivirus solutions to relying on Windows Security, which is built into Windows 10 and 11, due to its effectiveness and lack of cost. They emphasize the importance of keeping Windows Security updated and performing regular virus scans for added peace of mind. Ransomware protection features, such as Controlled Folder Access, are highlighted as essential. The Microsoft PC Manager app is recommended for optimizing system performance and security. The author advocates for good security hygiene, including avoiding suspicious emails and enabling two-factor authentication, as effective practices to maintain security without third-party antivirus software.
Microsoft starts final Windows Recall testing before rollout
Winsage
April 12, 2025

Microsoft starts final Windows Recall testing before rollout

Microsoft is gradually introducing its AI-powered Windows Recall feature to Insiders in the Release Preview channel, with plans to extend it to all Windows users with Copilot+ PCs. Recall captures screenshots of active windows at regular intervals, allowing Windows 11 users to search for text within these snapshots using natural language. Users can opt-in to save snapshots and must authenticate via Windows Hello to access their data. Recall is currently being rolled out to Windows 11 Insiders with Build 26100.3902 (KB5055627). The feature faced privacy concerns upon its introduction in May 2024, leading Microsoft to implement measures to enhance user privacy, such as filtering out sensitive information and allowing users to adjust storage settings. The rollout of the first Recall preview began in November 2024 for Snapdragon Copilot+ PCs, followed by Intel and AMD Copilot+ PCs a month later.
Search