extortion

Winsage
March 26, 2025
Broadcom has advised users of VMware Tools for Windows to update to the latest version due to a high-severity vulnerability (CVE-2025-22230) that is being exploited by cybercriminals. This vulnerability affects versions 11.x.x and 12.x.x and is classified as an "authentication bypass vulnerability," allowing a malicious actor with non-administrative privileges on a Windows guest to perform high-privilege operations within that VM. The flaw stems from inadequate access control mechanisms. The vulnerability has a CVSS score of 7.8 and does not require user interaction for exploitation. It was discovered by Sergey Bliznyuk of Positive Technologies. Broadcom has patched the vulnerability in version 12.5.1, and users are urged to update immediately, as no workarounds are available.
Tech Optimizer
March 13, 2025
Antivirus software should effectively block malware threats and receive regular updates. It is advisable to choose software with high ratings from reputable labs like AV-Test. The software should not consume excessive system resources, and personal testing through free trials is recommended. Antivirus solutions monitor user activities to identify and neutralize threats, prioritizing user privacy by anonymizing data and not selling it. Many providers offer bundled services, including ransomware protection, phishing protection, password managers, VPNs, safe browsing tools, parental controls, and identity theft protection. While bundles can save time and money, individual tools may be more suitable for specific needs. Leading antivirus solutions for Windows often extend protection to Android, iOS, and macOS, though some features may be limited on non-Windows platforms. Initial discounts for antivirus solutions may lead to higher renewal prices, and plans typically cater to multiple devices, with options for single or dual-device plans available.
Winsage
February 19, 2025
Cybersecurity experts at Fortinet have identified a new threat called the Snake Keylogger, which has been involved in over 280 million blocked infection attempts. This malware uses advanced obfuscation techniques, making it difficult to detect and neutralize, and poses risks to individuals and organizations by allowing attackers access to sensitive data. Cybersecurity professionals recommend proactive defense strategies, including keeping antivirus software updated and educating users about cybersecurity issues. Fortinet has not revealed the creators of the Snake Keylogger or specific industries it targets.
Winsage
December 15, 2024
Cloak ransomware, emerging in 2022, has quickly become a significant threat in the cyber landscape, with a new variant raising concerns due to its advanced capabilities. The group uses initial access brokers and social engineering techniques, including phishing and malicious advertising, to gain network access. The ransomware employs a drive-by download method, disguising itself as legitimate system updates. Cloak may have connections to the Good Day ransomware group and utilizes a variant derived from leaked Babuk ransomware source code. Once delivered, it employs sophisticated mechanisms for extraction and privilege escalation, terminating security processes and modifying system settings to hinder recovery. The encryption process uses Curve25519 and SHA512 algorithms, and it exhibits advanced evasion techniques. Cloak ensures payload persistence by altering Windows registry entries and restricting user actions, disrupting essential system utilities and leading to operational downtime. Its extortion tactics include disguising ransom notes as desktop wallpapers and employing intermittent encryption to maximize damage. The ransomware deletes shadow copies and backups, complicating recovery efforts. Cloak also utilizes a data leak site to publish or sell stolen data if ransom demands are not met, claiming a ransom payment success rate of 91% to 96%. Windows users are advised to implement comprehensive security measures to reduce the risk of attacks.