incident

Winsage
December 27, 2024
Sophos has reported a 51% increase in the exploitation of "living off the land" binaries (LOLBins) since 2021, with an 83% rise over the past three years. In an analysis of nearly 200 incident response cases in the first half of 2024, 187 distinct Microsoft LOLBins were identified, with remote desktop protocol (RDP) being the most targeted, appearing in 89% of incidents. Compromised credentials are the leading cause of cyberattacks, responsible for 39% of incidents, despite a decrease from 56% in 2023. The LockBit ransomware group remains the most prevalent threat, accounting for 21% of infections. Additionally, 21% of compromised Active Directory servers were found to be operating beyond Microsoft’s mainstream support, making them more vulnerable. Sophos emphasizes the importance of proactive monitoring and regular system updates to mitigate these risks.
Tech Optimizer
December 27, 2024
Andrew Eva, the Global CIO of Assured Data Protection, predicts that by 2025, there will be a seamless integration of backup systems with ransomware detection, antivirus technologies, and intrusion detection systems. He highlights a collaboration between Rubrik and Google to provide enterprise customers with insights into known exploits for better early detection of malicious code. Disaster recovery systems will take on a more frontline role in cyber threat management, utilizing machine learning to identify potential viruses. Ransomware is expected to remain the top cyber threat, prompting organizations to prioritize disaster recovery and backup solutions. Concerns about data security in relation to artificial intelligence will lead organizations to seek assurances regarding data protection from managed service providers (MSPs). The criteria for cyber insurance are tightening, making MSPs essential for businesses to meet these requirements. There is also an anticipated surge in demand for Backup-as-a-Service (BaaS), especially in healthcare, driven by resource constraints and a shift towards operational expenditures.
TrendTechie
December 26, 2024
The game "Indiana Jones and the Great Circle" experienced a piracy incident shortly before its official release, with early access owners inadvertently leaking a complete version. Although the developers did not use Denuvo DRM, the game was protected by an internal Steam mechanism that was eventually bypassed by hackers. The online performance on Steam has been disappointing, with a peak of just over 2,196 concurrent players. The game has received a 92% positive rating on Steam and an average score of 86 on Metacritic. The official launch is set for December 9, 2024.
AppWizard
December 24, 2024
Encrypted messaging service Telegram has achieved profitability after 11 years of operation, with revenue surpassing billion in 2024 and cash reserves of 0 million. CEO Pavel Durov attributed this success to advertising and premium subscriptions. The company introduced initiatives like a revenue-sharing model for content creators and a premium subscription tier priced at .99 per month. Telegram has reduced its billion debt and noted a significant turnaround from the previous year, when it reported a loss of million on revenues of million. Despite its financial success, the platform faces global scrutiny over misinformation and limited content moderation, with bans in several countries and a history of being prohibited in Russia from 2018 to 2020.
AppWizard
December 23, 2024
McAfee's security team discovered a malicious app named "BMI CalculationVsn" in Amazon's Android Appstore, which pretended to be a health tracker but was capable of screen recording, password theft, and accessing private SMS messages. Following the report, Amazon removed the app from its platform, and users who downloaded it are advised to uninstall it immediately. McAfee recommends that Android users install reliable antivirus software, scrutinize permission requests before downloading apps, and monitor app behavior for unusual activity to enhance their security.
AppWizard
December 19, 2024
A malicious Android spyware application named 'BMI CalculationVsn' was discovered on the Amazon Appstore, disguised as a health tool. Researchers at McAfee Labs identified the app, which was siphoning data from infected devices without users' knowledge, and alerted Amazon, leading to its removal. Users who installed the app must manually uninstall it and scan their devices for any remaining spyware. The app, published by 'PT Visionet Data Internasional,' initially appeared as a user-friendly BMI calculator but secretly activated a screen recording service and collected sensitive information, including SMS messages and one-time passwords. The app first appeared on October 8 and underwent modifications throughout the month. This incident highlights vulnerabilities in app stores and emphasizes the need for users to be cautious when downloading applications and to review app permissions carefully. Keeping Google Play Protect activated is recommended for enhanced security.
AppWizard
December 19, 2024
A recent update to Zenless Zone Zero led to player backlash after patch 1.4 introduced a change that caused characters to appear faded from certain angles, which players referred to as a "butt filter." This change sparked frustration within the community, with users expressing concerns over perceived censorship and speculating about external pressures, including potential influence from the Chinese government. In response to the outcry, developer MiHoYo announced a hotfix less than 24 hours later, addressing the fading effect and restoring characters' appearances to normal. The community celebrated the reversal, although the motivations behind the initial change remain unclear.
Tech Optimizer
December 18, 2024
Mattermost has entered a strategic partnership with pgEdge to integrate pgEdge Distributed PostgreSQL as a supported database for its collaboration platform. This collaboration aims to enhance Mattermost's platform with an ultra-high availability database solution, allowing organizations to achieve four nines or five nines of uptime. The integration supports deployment in on-premises environments or cloud accounts, including secure computing settings. The partnership has already led to collaboration with a U.S. Government agency requiring a consistently available collaboration platform. Mattermost is recognized for its secure collaboration tools for defense, security, and intelligence teams, while pgEdge is known for its fully distributed, open-source PostgreSQL database with multi-master replication technology.
Winsage
December 18, 2024
Windows 95 was internally codenamed "Chicago" during its development, while externally it was referred to as Windows 4.0 and Windows 93. The codename persisted in the implementation process, particularly in driver labeling, because drivers for Windows 95 were tagged with "Chicago" before the official name existed. This naming convention continued to be used even after the introduction of Windows XP, as the distinction between Windows NT and Windows 9x kernels faded. Codenames can lead to confusion and misinterpretation, as illustrated by a former Microsoft staffer's experience with the codename "Turbine" for Windows Server Azure Edition, which was mistakenly linked to an Xbox version.