hacking Archives

Winsage

December 27, 2024

Microsoft warns Windows 11 install media bug blocks future security updates

Microsoft has issued a caution regarding the installation of Windows 11 version 24H2 using physical media, specifically if the media contains security updates from October 8 to November 12, 2024. In such cases, the operating system may not accept future security updates. This issue does not affect systems receiving updates through Windows Update or the Microsoft Update Catalog, nor does it impact installations using the December 2024 security update. Microsoft recommends creating new installation media that includes the December 2024 security update to ensure future updates can be received. Users who have already installed version 24H2 with the October or November updates should apply the December 2024 security update to restore their system's ability to accept future updates. Microsoft is working on a permanent solution to this issue. Users have also reported challenges with the Disk Cleanup tool and speaker volume spikes since the launch of version 24H2. Maintaining an updated version of Windows 11 is essential for security, stability, and performance, as updates address vulnerabilities and fix bugs.

Tech Optimizer

December 24, 2024

How To Secure Your Data in the New Year with Norton VPN

- It is important to assess online security as part of digital well-being. - Norton provides tools to enhance internet security, including VPNs, password managers, and antivirus software. - A VPN (Virtual Private Network) secures online activities, especially on public WiFi, by masking the IP address and minimizing tracking. - Norton offers various VPN plans: VPN Standard, VPN Plus (covers up to five devices and includes protection against viruses and malware), and VPN Ultimate (beneficial for families). - A password manager allows users to maintain one secure password for all accounts and securely stores login information. - Norton’s Password Manager is free with Norton VPN Plus and Norton VPN Ultimate plans and generates complex passwords. - Antivirus software scans devices for malware and viruses, with Norton offering a 100% Virus Protection Promise and dark web scanning for compromised personal information. - The Norton VPN Ultimate plan includes features for managing screen time and blocking inappropriate content for families. - Norton offers up to 54% off the first year for annual plan subscriptions.

Tech Optimizer

December 19, 2024

McAfee vs Norton: Which Antivirus Software Is Best?

The rivalry between Norton and McAfee has influenced the antivirus market for decades. Norton Antivirus Plus has a rating of 4.8 out of 5, while McAfee Total Protection has a rating of 4.7 out of 5. Norton offers excellent AV and malware protection, scanning speed, and very good false positive management, while McAfee excels in false positive reduction and includes features like a VPN, firewall, and identity monitoring. Norton typically retails for a certain price per year for five devices but is currently available at a discounted rate, along with a seven-day free trial and a 60-day money-back guarantee. McAfee Total Protection lists at a higher price but is often discounted, with a 30-day free trial and a 30-day money-back guarantee. Norton includes 2 GB of cloud backup and a password manager, while McAfee offers various tiers with additional features like AI-powered tools and enhanced identity theft protection. Users should choose Norton for cost-effectiveness and included cloud backup, while McAfee is preferable for lower system resource usage and fewer false positives. Both products are sufficient on their own, and installing both may cause conflicts.

Winsage

December 19, 2024

Microsoft’s AI “Recall” Feature Caught Screenshotting Your Social Security Number

Microsoft's AI-powered "Recall" tool captures sensitive information, including credit card numbers and social security numbers, despite a new "filter sensitive information" feature intended to prevent this. Tests by Avram Piltch revealed that the filter fails to recognize sensitive data in various contexts, such as when entering information in Windows Notepad or filling out loan applications in Microsoft Edge. Initially launched as part of Microsoft's "Copilot+ PCs," Recall faced backlash over privacy risks and was temporarily withdrawn. It has since returned for select Insiders with encrypted screenshots, but concerns about its effectiveness in protecting sensitive information remain.

Winsage

December 16, 2024

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

The Cybersecurity and Infrastructure Security Agency (CISA) has warned U.S. federal agencies about a critical Windows kernel vulnerability, CVE-2024-35250, which allows local attackers to elevate their privileges to SYSTEM level. This vulnerability is linked to the Microsoft Kernel Streaming Service (MSKSSRV.SYS) and was exploited during the Pwn2Own Vancouver 2024 competition. Microsoft issued a patch for this vulnerability in June 2024, but proof-of-concept exploit code appeared on GitHub four months later. CISA has also flagged a critical Adobe ColdFusion vulnerability, CVE-2024-20767, which allows unauthenticated remote attackers to access sensitive files. Over 145,000 ColdFusion servers are exposed to the Internet. Both vulnerabilities are listed in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must secure their networks by January 6 under the Binding Operational Directive (BOD) 22-01.

Winsage

December 14, 2024

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

Luigi Mangione, 26, was charged with the murder of UnitedHealthcare CEO Brian Thompson and was apprehended in Altoona, Pennsylvania, after evading authorities. He was found with counterfeit identification and a 3D-printed firearm. The U.S. government indicted 14 North Korean nationals for fraudulent IT operations aimed at funding the country's nuclear ambitions, generating an estimated million while stealing sensitive information. Microsoft’s AI Recall Tool faced privacy concerns after capturing sensitive data, prompting the company to postpone its launch and enhance security measures. Cleo file-sharing software warned customers about a vulnerability exploited by cybercriminals using malware named Malichus. The U.S. government imposed sanctions on Chinese hackers accused of hijacking thousands of firewalls, targeting critical infrastructure, and offered a million bounty for information leading to their apprehension.

AppWizard

December 10, 2024

Fellow Diablo 2 snobs: Path of Exile 2 is the game we’ve been waiting for

Path of Exile 2 (PoE 2) entered early access on December 6, allowing players to engage with the game during a significant snowstorm. The game is an action role-playing game (ARPG) that combines elements of hacking, slashing, looting, leveling, crafting, and questing. Players can tackle challenges solo or cooperatively, with the initial act presenting a high level of difficulty. Enemy levels do not scale with the player's character, making strategy and skill essential for survival. Each boss encounter is designed to test player skill, and the game features a support gem system for creative playstyles and a customizable passive skill tree. Grinding Gear Games is addressing player feedback with hotfixes to improve gameplay, including adjustments to loot and currency drops, map systems, and dodge mechanics. PoE 2 runs smoothly on PC and is compatible with gaming handhelds, offering a visually stunning experience. It will be free-to-play after the early access phase.

Winsage

December 9, 2024

The NTLM bug that sees and steals.

Researchers have identified a critical zero-day vulnerability affecting Windows systems. An alleged cyberattack attributed to Ukrainian actors targeted Gazprombank, one of Russia's largest financial institutions. The Russian hacking group BlueAlpha has been reported to exploit CloudFlare services. Microsoft has raised alarms about the Chinese hacking group Storm-0227, which is targeting critical infrastructure and U.S. government agencies. SonicWall has released patches for several high-severity vulnerabilities in its secure access gateway. Atrium Health disclosed a data breach impacting over half a million individuals. Rockwell Automation revealed four critical vulnerabilities in its Arena software that could allow remote code execution. U.S. authorities arrested an alleged member of the Scattered Spider gang, known for telecom hacks. A Nebraska man pleaded guilty to a .5 million cryptojacking scheme.

TrendTechie

December 7, 2024

Игра про Индиану Джонса стала доступна на торрентах за несколько дней до официального выхода

The Indiana Jones game has been leaked on torrent sites ahead of its official release, which is scheduled for December 9, 2024. The leak occurred due to the absence of DRM protection, specifically the Denuvo system, on the premium version of the game, allowing hackers to distribute it for free.

AppWizard

December 4, 2024

Americans urged to use encrypted messaging apps after cyberattack: Officials

U.S. officials recommend citizens use encrypted messaging applications due to recent cyberattacks on major telecommunications companies, including AT&T and Verizon. Microsoft identified a hacking campaign called "Salt Typhoon" as a significant intelligence breach, which remains unresolved. The attacks are believed to be conducted by Chinese entities targeting American citizens, though Chinese officials have not commented on the allegations.