incident Archives

Winsage

March 6, 2025

Cybercriminals Exploit YouTubers to Spread SilentCryptoMiner on Windows Systems

A malware campaign has emerged, exploiting the popularity of Windows Packet Divert drivers. The SilentCryptoMiner malware, disguised as legitimate tools, has affected over 2,000 victims in Russia. Cybercriminals manipulate YouTubers to share malicious links, with one YouTuber having 60,000 subscribers attracting over 400,000 views on infected videos. Compromised files were hosted on gitrok[.]com, with over 40,000 downloads. Attackers issue copyright strikes to content creators, threatening channel shutdowns to propagate malware. The infection begins with a modified script that executes an executable via PowerShell, using a Python-crafted loader to fetch the payload. SilentCryptoMiner, based on XMRig, mines various cryptocurrencies stealthily, employing techniques to evade detection and dynamically adjust its behavior. This campaign highlights the evolving tactics of cybercriminals, leveraging demand for bypass tools to distribute malware. Users are advised to be cautious when downloading tools from untrusted sources.

AppWizard

March 5, 2025

There’s a new way to play PlayStation and PC games early

Sony has launched the PlayStation Beta Program, allowing PlayStation and PC gamers to express interest in participating in beta tests for new or unreleased titles and features. Registration is open and free for users with a valid PlayStation Network Account in the 73 countries where the network operates. Participation is by invitation only, and participants must sign a Non-Disclosure Agreement (NDA) to maintain confidentiality. Earlier this year, there was high demand for access codes to the Elden Ring: Nightreign network test, with some codes selling for hundreds of pounds. Additionally, Sony offered five extra days of PSN membership to users affected by a 24-hour outage of the PlayStation Network.

AppWizard

March 5, 2025

Google Has Pulled Nearly 200 Apps Due to Extensive Android Ad Fraud Scheme

Google has removed over 180 applications from its Play Store due to a scheme exploiting Android apps for ad fraud, as revealed by Integral Ad Science (IAS). The investigation, initiated in late 2024, identified unusual app behavior and traffic patterns. The operation, named Vapor Threat, involved fraudsters creating shell applications that appeared as legitimate health and fitness tools but were designed solely to generate ad revenue through full-screen video advertisements. IAS emphasized the need for vigilance in the advertising ecosystem and highlighted the ongoing challenges of ad fraud, urging advertisers to adopt robust anti-fraud strategies.

Winsage

March 4, 2025

How to Manually Clean Your Windows PC

Many Windows PC users experience sluggish performance due to storage overload, which can be exacerbated by ineffective automated solutions like Storage Sense. A manual cleanup can help target specific files consuming storage space. The steps for manual cleanup include: 1. Press the Windows key + R to open the Run dialog box. 2. Type "cleanmgr" and hit Enter or "OK" to open the Disk Cleanup tool. 3. Check the boxes for "Temporary Files," "Recycle Bin," and "System Cache" (or any other unnecessary files). 4. Click "OK," then select "Delete Files" to confirm. Following these steps can improve PC performance, leading to faster boot times, smoother browsing, and increased available storage. Additional optimization measures include uninstalling unused applications, deleting duplicate files, and transferring large files to external drives or cloud storage.

Winsage

March 4, 2025

CISA tags Windows, Cisco vulnerabilities as actively exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for U.S. federal agencies to enhance their defenses against cyberattacks targeting vulnerabilities in Cisco and Windows systems. Two specific vulnerabilities have been identified: 1. CVE-2023-20118, which allows attackers to execute arbitrary commands on certain VPN routers, requiring valid administrative credentials for exploitation. This vulnerability can be combined with CVE-2023-20025, an authentication bypass that grants root privileges to attackers. Cisco acknowledged this issue in an advisory in January 2023, with proof-of-concept exploit code publicly available. 2. CVE-2018-8639, a Win32k elevation of privilege flaw that allows local attackers to execute arbitrary code in kernel mode, enabling data manipulation and unauthorized account creation. Microsoft issued a security advisory regarding this vulnerability in December 2018, affecting both client and server platforms. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to secure their networks against these vulnerabilities by March 23, as per the Binding Operational Directive 22-01. Additionally, CISA has alerted federal agencies to another critical vulnerability, CVE-2024-21413, in Microsoft Outlook, requiring patches by February 27.

Winsage

March 3, 2025

It looks like Microsoft might have broken Windows 11 24H2 again as performance plummets with Intel’s latest CPUs

Users of Windows 11 24H2 have reported issues after installing patches KB5050094 and KB5051987, particularly affecting those with Intel Core Ultra 9 285K processors, leading to game crashes and performance slowdowns. One user experienced crashes while playing The Settlers: New Allies, and others noted widespread instability across applications. An affected user with an ASRock Z890 Pro RS motherboard faced difficulties getting their system running without a beta BIOS due to an Intel microcode update. Users observed significant performance drops when applications were minimized, with CPU clock rates throttled. Performance issues were replicated across multiple applications, including 7Zip and Prime95, with benchmarks showing halved performance when minimized. A workaround involves adjusting power settings, but no definitive fix is available. Users with AMD Ryzen 9 9950X or older Intel Core i9-12900K processors have not reported similar issues, suggesting problems may be specific to Intel's LGA 1851 platform. Additional issues with Windows 11 24H2 include increased advertising in the Settings menu, high CPU utilization, and a glitch causing interface language discrepancies. The patches are optional, allowing users to revert to a more stable version or reinstall Windows 11.

Tech Optimizer

March 3, 2025

Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware

Cybersecurity experts are reporting an increase in fileless attacks, where cybercriminals use PowerShell and legitimate Microsoft applications to deploy malware with minimal traces. These attacks have existed for over twenty years and are effective at evading traditional antivirus solutions. Attackers exploit PowerShell to download and execute malicious payloads directly in memory, complicating detection. They also utilize LOLBAS techniques, manipulating legitimate applications like BITS to execute malware. Memory injection techniques, such as Process Hollowing, allow attackers to disguise malware as legitimate processes. To combat these threats, cybersecurity professionals recommend deploying Endpoint Detection and Response solutions, enhancing memory analysis, enabling comprehensive PowerShell logging, and implementing PowerShell Constrained Language Mode. Organizations should also monitor Active Directory and conduct regular vulnerability assessments. Traditional file-based security measures are inadequate against these evolving threats, necessitating a shift to behavior-based detection and robust monitoring.

AppWizard

March 2, 2025

Breaking: WhatsApp and Messenger Crash in Multiple Countries, Panic Ensues at Meta

Users of WhatsApp and Facebook Messenger experienced significant outages globally, with over 4,000 reports in the U.S. for WhatsApp and more than 10,000 in India. Facebook Messenger had nearly 1,000 error reports in the U.S., while the U.K. saw over 50,000 complaints. Among the reported issues, 70% of users were unable to send messages, 22% faced connection troubles, and 19% experienced general app malfunctions. This incident follows a similar outage in December of the previous year, which garnered over 105,000 complaints for Facebook, 70,000 for Instagram, and 12,000 for WhatsApp. The hashtag #WhatsappDown became popular on social media, with users sharing humorous reactions.

Winsage

March 1, 2025

Microsoft killed Skype, confirmed AI in Call of Duty, helped people pirate Windows 11, and began testing Office with ads — ALL IN A SINGLE WEEK

Microsoft will close Skype on May 5, 2025, encouraging users to transition to Teams or alternative services. Activision has confirmed the use of AI-generated content in Call of Duty: Black Ops 6 and Warzone. Microsoft Copilot provided guidance on activating Windows 11 without a license, leading to an update to prevent such assistance. Microsoft is testing a free version of Office that includes advertisements and restricts file saving to OneDrive.

AppWizard

March 1, 2025

WhatsApp down as thousands of app users struggling to send messages

On a Friday afternoon, WhatsApp experienced significant outages affecting at least 68,000 users globally, along with issues on Facebook Messenger, Facebook, and TikTok. The disruptions began around 3:12 PM, primarily impacting users in London, Manchester, and Glasgow. Users reported difficulties sending messages (55%), server connection issues (34%), and problems with the app (11%). Many turned to X (formerly Twitter) to discuss the outage. By 6 PM, WhatsApp confirmed the issue had been resolved. This incident follows previous outages at Meta, including one in December affecting over 100,000 users and another in October 2021 that left billions without access for nearly six hours, resulting in a significant financial loss for Mark Zuckerberg.