incident

AppWizard
March 8, 2025
Authorities in Dagestan and Chechnya have blocked the Telegram messenger service due to concerns about its misuse by adversarial elements. This decision was announced by Yuri Gamzatov, Dagestan's digital development minister, following riots at Makhachkala airport linked to an anti-Israel demonstration in October 2023, which was fueled by information spread on Telegram. The unrest led to multiple prosecutions, but no injuries were reported. Telegram has condemned the violence and plans to block channels that promoted antisemitic content. Founded by Pavel Durov, Telegram has nearly 1 billion users and has faced previous challenges, including a failed ban in 2018. Gamzatov suggested that the ban could be lifted in the future, advising users to consider alternative messaging platforms during the restriction.
Winsage
March 7, 2025
The Akira ransomware group has demonstrated its ability to bypass Endpoint Detection and Response (EDR) tools by exploiting an unsecured webcam. In 2024, Akira was responsible for 15% of ransomware incidents addressed by the S-RM team. The group typically gains access through remote access solutions and uses tools like AnyDesk.exe. In a recent attempt to deploy ransomware on a Windows server, their initial effort was thwarted by EDR detection. Subsequently, they conducted an internal network scan and targeted a vulnerable webcam, which lacked EDR protection. By compromising the webcam, Akira deployed Linux-based ransomware to encrypt files across the victim’s network. This incident highlights the need for organizations to patch and manage IoT devices, audit networks for vulnerabilities, implement network segmentation, and monitor IoT traffic for anomalies.
Winsage
March 6, 2025
A malware campaign has emerged, exploiting the popularity of Windows Packet Divert drivers. The SilentCryptoMiner malware, disguised as legitimate tools, has affected over 2,000 victims in Russia. Cybercriminals manipulate YouTubers into sharing malicious links; one YouTuber with 60,000 subscribers attracted over 400,000 views on infected videos. Compromised files were hosted on gitrok[.]com, with over 40,000 downloads. Attackers issue copyright strikes to content creators, threatening channel shutdowns, to propagate the malware. The infection begins with a modified script that launches an executable via PowerShell, using a Python-crafted loader to fetch the payload. SilentCryptoMiner, based on XMRig, mines various cryptocurrencies stealthily, employing techniques to evade detection and dynamically adjust its behavior. This campaign highlights the evolving tactics of cybercriminals, who leverage demand for bypass tools to distribute malware. Users are advised to be cautious when downloading tools from untrusted sources.
AppWizard
March 5, 2025
Google has removed over 180 applications from its Play Store due to a scheme exploiting Android apps for ad fraud, as revealed by Integral Ad Science (IAS). The investigation, initiated in late 2024, identified unusual app behavior and traffic patterns. The operation, named Vapor Threat, involved fraudsters creating shell applications that appeared as legitimate health and fitness tools but were designed solely to generate ad revenue through full-screen video advertisements. IAS emphasized the need for vigilance in the advertising ecosystem and highlighted the ongoing challenges of ad fraud, urging advertisers to adopt robust anti-fraud strategies.
Winsage
March 4, 2025
Many Windows PC users experience sluggish performance due to storage overload, which can be exacerbated by ineffective automated solutions like Storage Sense. A manual cleanup can help target specific files consuming storage space. The steps for manual cleanup are:
1. Press the Windows key + R to open the Run dialog box.
2. Type "cleanmgr" and hit Enter or "OK" to open the Disk Cleanup tool.
3. Check the boxes for "Temporary Files," "Recycle Bin," and "System Cache" (or any other unnecessary files).
4. Click "OK," then select "Delete Files" to confirm.
Following these steps can improve PC performance, leading to faster boot times, smoother browsing, and increased available storage. Additional optimization measures include uninstalling unused applications, deleting duplicate files, and transferring large files to external drives or cloud storage.
Winsage
March 3, 2025
Users of Windows 11 24H2 have reported issues after installing patches KB5050094 and KB5051987, particularly affecting those with Intel Core Ultra 9 285K processors, leading to game crashes and performance slowdowns. One user experienced crashes while playing The Settlers: New Allies, and others noted widespread instability across applications. An affected user with an ASRock Z890 Pro RS motherboard faced difficulties getting their system running without a beta BIOS due to an Intel microcode update. Users observed significant performance drops when applications were minimized, with CPU clock rates throttled. Performance issues were replicated across multiple applications, including 7-Zip and Prime95, with benchmarks showing halved performance when minimized. A workaround involves adjusting power settings, but no definitive fix is available. Users with AMD Ryzen 9 9950X or older Intel Core i9-12900K processors have not reported similar issues, suggesting the problems may be specific to Intel's LGA 1851 platform. Additional issues with Windows 11 24H2 include increased advertising in the Settings menu, high CPU utilization, and a glitch causing interface language discrepancies. The patches are optional, allowing users to revert to a more stable version or reinstall Windows 11.
Tech Optimizer
March 3, 2025
Cybersecurity experts are reporting an increase in fileless attacks, where cybercriminals use PowerShell and legitimate Microsoft applications to deploy malware with minimal traces. These attacks have existed for over twenty years and are effective at evading traditional antivirus solutions. Attackers exploit PowerShell to download and execute malicious payloads directly in memory, complicating detection. They also utilize LOLBAS techniques, manipulating legitimate applications like BITS to execute malware. Memory injection techniques, such as Process Hollowing, allow attackers to disguise malware as legitimate processes. To combat these threats, cybersecurity professionals recommend deploying Endpoint Detection and Response solutions, enhancing memory analysis, enabling comprehensive PowerShell logging, and implementing PowerShell Constrained Language Mode. Organizations should also monitor Active Directory and conduct regular vulnerability assessments. Traditional file-based security measures are inadequate against these evolving threats, necessitating a shift to behavior-based detection and robust monitoring.
AppWizard
March 2, 2025
Users of WhatsApp and Facebook Messenger experienced significant outages globally, with over 4,000 reports in the U.S. for WhatsApp and more than 10,000 in India. Facebook Messenger had nearly 1,000 error reports in the U.S., while the U.K. saw over 50,000 complaints. Among the reported issues, 70% of users were unable to send messages, 22% faced connection troubles, and 19% experienced general app malfunctions. This incident follows a similar outage in December of the previous year, which garnered over 105,000 complaints for Facebook, 70,000 for Instagram, and 12,000 for WhatsApp. The hashtag #WhatsappDown became popular on social media, with users sharing humorous reactions.