impersonation Archives

Winsage

February 13, 2025

February’s Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

Microsoft has released a patch addressing 63 vulnerabilities, following a previous update that fixed 159 flaws. The vulnerabilities are categorized by severity: critical, important, moderate, and low. Three critical vulnerabilities requiring user action are: - CVE-2025-21376: Affects Windows LDAP, allowing remote control of systems using Active Directory. - CVE-2025-21379: Pertains to potential Man-in-the-Middle attacks, enabling attackers to manipulate communications and steal data. - CVE-2025-21381: Can be exploited by tricking users into downloading malicious files, allowing arbitrary code execution. Two zero-day vulnerabilities already under exploitation are: - CVE-2025-21391: Allows attackers to bypass access controls and delete files. - CVE-2025-21418: Enables attackers to gain system privileges for configuration and user management. Other notable vulnerabilities include: - CVE-2025-21194: A hypervisor vulnerability that could compromise the kernel. - CVE-2025-21377: Could expose NTLM hashes, allowing impersonation of users. - CVE-2025-21198: Affects Microsoft's HPC systems, allowing complete control through a malicious web request, with a high CVSS score of 9.0. Users are advised to update Windows to safeguard their systems.

Winsage

November 15, 2024

November delivers a heap of Microsoft patches for admins

Microsoft released updates addressing 89 CVE-listed security vulnerabilities, including two actively exploited flaws: CVE-2024-49039 (Windows Task Scheduler, CVSS 8.8) allowing privilege escalation, and CVE-2024-43451 (NTLM spoofing, CVSS 6.5) enabling account impersonation. Other critical vulnerabilities include CVE-2024-43602 (Azure CycleCloud, CVSS 9.9) allowing remote code execution, CVE-2024-43498 (.NET and Visual Studio, CVSS 9.8) exploitable via malicious requests, and CVE-2024-43639 (Windows Kerberos, CVSS 9.8) leading to remote code execution. CISA added the Windows Task Scheduler and NTLMv2 vulnerabilities to its Known Exploited Vulnerabilities Catalog and reported an increase in zero-day exploitations in 2023 compared to 2022. Citrix, Intel, AMD, and Adobe also released patches for various vulnerabilities.

BetaBeacon

October 2, 2024

The 45 best free Android games for your phone or tablet | Stuff

- Vampire Survivors is a devilishly simple roguelike shoot 'em up game available on mobile for over a year. - Super Cat Tales: PAWS is a platform game where players control a band of cats through various levels. - Swordigo is a 2D adventure-platformer game with monsters to fight and treasures to find. - Dadish 3 is a platform game where players control a radish bouncing through levels to rescue his kids. - Bean Dreams is a platform game that emphasizes learning levels, timing, and exploration. - Sad But Ded is a platform game with a leapy protagonist trying to reach the flag without dying. - It's full of Sparks is a game where players direct a jumping firecracker to water to prevent it from exploding. - Alto's Odyssey is an endless runner game set in a desert with new gameplay elements like bouncing off hot-air balloons. - Saily Seas is a survival game where players try to avoid drowning and being eaten by a whale. - Will Hero is a platforming game with a square hero who bounces forward to defeat enemies. - Super Fowlst 2 is a game where players control a chicken saving the world from a demon invasion using its rear. - Knight Brawl is a hack 'em up game with a sword-wielding protagonist battling enemies in various scenarios. - Beat Street is a scrolling retro game where players fight enemies using only a single digit. - PinOut! is a pinball game with a single massive table challenging players to hit ramps against the clock. - Spaceteam is a multiplayer game where players give orders to prevent their ship from exploding. - Shadowgun Legends is a mobile FPS game where players aim to become a legendary warrior by completing missions. - Time Locker is a vertical shooter game where everything moves only when the player does. - PewPew Live is a twin-stick shooty game reminiscent of classic arcade games like Robotron: 2084. - Shooty Quest is a game where players shoot enemies with arrows using specific weapons for each enemy. - Missile Command: Recharged is a redesigned version of the classic Missile Command game where players defend against nuclear missile attacks. - Please, Touch the Artwork 2 is a puzzle game based on the work of Belgian modern artist James Ensor.

AppWizard

September 26, 2024

Uninstall Now: This Android App Is Secretly Stealing Crypto

A fraudulent Android application posing as "WalletConnect" has stolen over 0,000 from approximately 150 users. The app, which initially appeared as "Mestox Calculator" in March, has undergone several name changes, including "WalletConnect - Crypto Wallet." It was found to have generated fake five-star reviews while also receiving reports of it being a scam. Although removed from the Google Play Store, users are advised to delete it immediately. The app functions as a web browser leading to a calculator site, and if certain criteria are met, users are redirected to a malicious site. This site is suspected of harboring malware. The underlying malware, known as MS Drainer, targets crypto wallets and has previously drained over million through phishing ads. WalletConnect, the legitimate platform, has warned users about fake apps since 2021 and clarifies that it does not have a standalone app.

AppWizard

August 31, 2024

Is Telegram Safe? Secure Messaging App Explained

Telegram is a secure messaging platform that offers end-to-end encryption for video, text, and audio messages. The app employs this encryption by default for voice and video calls and in private chats known as Secret Chats. Despite its security features, Telegram has faced scrutiny for providing user information to authorities in the past. Recently, CEO Pavel Durov was arrested in France on charges related to crimes facilitated through the platform, including drug trafficking and online scams. The arrest has raised concerns about the platform's safety, but it is noted that it will not significantly affect the app's encryption. Prominent figures have expressed support for Durov, arguing that platform owners should not be held responsible for abuses of their services. Users are advised to remain vigilant against scams by being cautious of unsolicited messages, avoiding sharing sensitive information, and maintaining a skeptical mindset.

AppWizard

August 17, 2024

BEWARE: New Scam Involving Facebook Video Calls from Your Friends

The author received a video call from a friend, Andy Johnson, who was using a suspicious phone number. The call was silent and ended in frustration. Afterward, the author learned from another friend that Andy's Facebook had been hacked, confirming that the call was a sophisticated impersonation. This type of scam has been reported previously, and many of Andy's friends had experienced similar communications. The incident underscores the need for vigilance against convincing scams.