hackers

Winsage
February 21, 2025
A group of hackers has released a toolkit that claims to permanently unlock nearly all versions of Windows from Windows 7 to the latest iterations and Microsoft Office from 2013 to 2024. They justify their actions by positioning themselves as a "Robin Hood" of the digital realm, advocating against the commercialization of software piracy. They recommend using LibreOffice as an ethical alternative to Microsoft’s offerings.
Winsage
February 21, 2025
A group of developers called Massgrave has hacked Microsoft's activation tools for Windows and Office, uploading PowerShell scripts to GitHub that allow users to activate Windows and perpetual-license Office versions without paying licensing fees. Their tool, TSforge, supports activation for Windows versions 7, 8.x, 10, and 11, as well as Office versions from 2010 onward, excluding Microsoft 365 subscriptions. The scripts require minimal technical expertise and have been tested successfully on fresh installations of Windows 11 and updated Windows 10 machines. Massgrave acknowledges their actions as piracy and does not accept donations, emphasizing the ethical implications. The safety of the scripts is questioned, as there is a risk of malicious actors cloning their work. Microsoft is aware of the situation and plans to take action against unauthorized use of their software.
Winsage
February 21, 2025
A hacker group called Massgrave has developed a method named TSforge Activation that permanently activates most Microsoft products and bypasses the digital rights management (DRM) system. This method allows updates for Windows 10 beyond its official end of support in October 2025. The group previously launched the Microsoft Activation Scripts (MAS) project in 2024, claiming to dismantle Microsoft’s DRM protections. The TSforge method works by replacing activation data files with counterfeit data, tricking the Software Protection Platform (SPP) into accepting fraudulent product keys. TSforge currently enables activation for Windows 7 and later versions, including Windows Server (2008 R2 – 2025), and Office 2013-2024 on Windows 8 and later. It also unlocks commercial features like Extended Security Updates for Windows 7-10. Despite being aware of these activators, Microsoft has not taken significant action against them. The MAS project is open-source and hosted on GitHub. The hackers argue that their tool could be used as an alternative activation method in urgent situations.
Tech Optimizer
February 21, 2025
Security researchers have identified a zero-day vulnerability in PostgreSQL, labeled CVE-2025-1094, which is believed to have contributed to the cyber breach of the US Treasury in December. The breach was initially attributed to the command injection vulnerability CVE-2024-12356 in the BeyondTrust Remote Support platform. Successful exploitation of CVE-2024-12356 required prior exploitation of CVE-2025-1094. Although BeyondTrust issued a patch for CVE-2024-12356 in December 2024, it did not resolve the underlying issue of CVE-2025-1094, leaving it a zero-day vulnerability until reported to PostgreSQL. Chinese hackers reportedly gained remote access to multiple workstations within the US Treasury, potentially compromising unclassified documents. The details of the accessed documents and the number of workstations involved are not disclosed. This incident is part of a broader pattern of cyber attacks linked to Chinese state-sponsored actors.
Tech Optimizer
February 20, 2025
In December 2024, suspected state-sponsored Chinese hackers executed a sophisticated cyber attack on U.S. Treasury employees' workstations, utilizing a dual vulnerability strategy involving CVE-2024-12356 and CVE-2025-1094. CVE-2024-12356 is an unauthenticated command injection flaw in BeyondTrust Remote Support SaaS, while CVE-2025-1094 is a PostgreSQL zero-day vulnerability that allows SQL injection attacks through the psql tool. The PostgreSQL team released a fix for CVE-2025-1094 on February 13, 2025, and BeyondTrust issued patches in December 2024 to mitigate the vulnerabilities. PostgreSQL users are advised to upgrade to fixed versions: 17.3, 16.7, 15.11, 14.16, or 13.19, and BeyondTrust users should implement the December 2024 fix. Rapid7 has provided advisories and indicators of compromise related to these vulnerabilities.
Tech Optimizer
February 19, 2025
In the first half of 2024, Canada reported 41,000 cyber incidents, emphasizing the need for enhanced online security. Norton 360 Deluxe offers a comprehensive security solution that includes features such as dark web monitoring, a built-in VPN, parental controls, and 50GB of cloud storage. A 15-month subscription is currently available at a reduced price, allowing protection for up to five devices against various cyber threats.
Tech Optimizer
February 19, 2025
Trend Micro's Threat Hunting team has identified a new tactic used by the Chinese hacking group Earth Preta (Mustang Panda), which employs the Microsoft Application Virtualization Injector to evade antivirus detection. The malware checks for ESET antivirus on the target system and, if absent, exploits the waitfor.exe function to inject malicious code into legitimate processes. Earth Preta uses Setup Factory to deliver its payloads, utilizing MAVInject.exe to inject harmful code. After injection, the malware connects to a command and control (C2) server controlled by the attackers. The attack shares similarities with previous campaigns, supporting attribution to Earth Preta.
Tech Optimizer
February 17, 2025
The US Treasury workstations were breached by suspected state-sponsored Chinese hackers using two zero-day vulnerabilities. The first vulnerability, CVE-2024-12356, is an unauthenticated command injection flaw in BeyondTrust's Remote Support SaaS, which requires prior exploitation of CVE-2025-1094. CVE-2025-1094 is related to the PostgreSQL interactive tool, psql, and allows SQL injection attacks due to improper handling of invalid byte sequences. This vulnerability can lead to arbitrary code execution through the execution of meta-commands. Fixes for CVE-2025-1094 were issued by the PostgreSQL team on February 13, 2025, and BeyondTrust released patches in December 2024 that also mitigate risks associated with this vulnerability. PostgreSQL users are advised to upgrade to specific fixed versions, and BeyondTrust users should implement the December 2024 fix. Rapid7 has provided technical details and indicators of compromise for the vulnerabilities.
Tech Optimizer
February 17, 2025
Apple devices, particularly Macs, are facing an increase in cyberattacks, with a new wave of sophisticated malware targeting sensitive data. The emergence of Atomic Stealer (AMOS) in mid-2023 marked a shift from less harmful adware to more serious threats, with AMOS being marketed as a user-friendly service. By mid-2024, Poseidon became the leading Mac information stealer, responsible for 70% of infections and capable of draining various cryptocurrency wallets and capturing sensitive credentials. Cybercriminals are also using malvertising to lure users into downloading disguised malware. Android users are experiencing an even more severe situation, with a significant rise in phishing attacks. In 2024, researchers identified 22,800 malicious apps designed for phishing, along with thousands capable of reading one-time passwords (OTPs). These apps often mimic legitimate software and can easily infiltrate app stores, including Google Play. While Google Play Protect offers some malware protection, it is not entirely effective. To protect against malware threats, it is recommended to use strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication (2FA) for critical accounts.