information-stealing malware

Winsage
April 24, 2025
Microsoft has resolved a known issue causing 0x80070643 installation failure errors during the deployment of the April 2025 Windows Recovery Environment (WinRE) updates. This issue affected the KB5057588 update for Windows Server 2022 and the KB5057589 update for Windows 10, versions 22H2 and 21H2. The error message was misleading, as it reflected neither the actual status of the update nor any real impact on the device. The error typically occurred when a device attempted to install the WinRE update while another update was still pending a reboot. Microsoft confirmed that users will no longer see the incorrect error message after installing the affected updates. Additionally, in August 2024, Microsoft retired the January 2024 Windows security updates that had also triggered 0x80070643 errors during WinRE updates. During that time, fraudulent IT support websites promoted malicious PowerShell "fixes" for these errors, leading to malware infections among users.
Winsage
April 15, 2025
Microsoft has acknowledged that some users may experience installation failures with error code 0x80070643 when deploying the April 2025 Windows Recovery Environment (WinRE) updates, specifically affecting the KB5057589 update for Windows 10 versions 22H2 and 21H2, and the KB5057588 update for Windows Server 2022. The company stated that this error is misleading and does not affect device functionality, as the WinRE update is typically applied successfully after a device restart. Users may see a failure indication in Windows Update, but this will be resolved after the next daily scan and restart. Microsoft is working on a resolution for this issue, which follows a similar situation from August 2024. Additionally, fraudulent IT support websites have been identified promoting malicious PowerShell "fixes" for these errors.
Winsage
March 18, 2025
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 since 2017 for data theft and cyber espionage. Microsoft has classified this vulnerability as "not meeting the bar for servicing," meaning no security updates will be released. The flaw allows attackers to execute arbitrary code on affected Windows systems by concealing malicious command-line arguments within .LNK shortcut files, using padded whitespace to evade detection. Nearly 70% of the analyzed attacks linked to this vulnerability were related to espionage, while 20% aimed for financial gain. Various malware payloads, including Ursnif, Gh0st RAT, and Trickbot, have been associated with these attacks. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. Microsoft has not assigned a CVE-ID to this vulnerability but is tracking it internally as ZDI-CAN-25373. A Microsoft spokesperson mentioned that the company is considering addressing the flaw in the future.
Winsage
November 8, 2024
Researchers have identified a new threat campaign called SteelFox, which uses counterfeit software activators and cracks to infiltrate Windows systems. The campaign deploys a vulnerable driver, information-stealing malware, and a cryptocurrency miner, compromising sensitive data and exploiting system resources for illicit mining. Victims are reported globally, including regions from Brazil to China, affecting users of commercial software like Foxit PDF Editor, JetBrains, and AutoCAD. Cybercriminals continue to advertise these fake software solutions, increasing the potential for further infections.
Winsage
September 18, 2024
A vulnerability in Windows, tracked as CVE-2024-43461, has been reclassified as previously exploited after being used in attacks by the Void Banshee APT group to deploy information-stealing malware. Initially disclosed in September 2024, it was confirmed to have been exploited before the fix was issued. The flaw was discovered by Peter Girnus from Trend Micro, who noted that it was used in zero-day attacks alongside another vulnerability, CVE-2024-38112. The attacks involved malicious HTA files disguised as PDFs, utilizing braille whitespace characters to hide the true file extension. Following the security update, Windows now accurately displays the .hta extension, although the presence of whitespace may still mislead users. Microsoft also addressed three other actively exploited zero-days during the September Patch Tuesday.
Winsage
September 18, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to strengthen their systems against the Windows MSHTML spoofing zero-day vulnerability identified as CVE-2024-43461. This vulnerability was initially deemed non-exploited by Microsoft but was later confirmed to have been exploited before its patch. Attackers, including the Void Banshee hacking group, used this vulnerability to install information-stealing malware by deceiving users into opening malicious files disguised as harmless documents. CISA has included this vulnerability in its Known Exploited Vulnerabilities catalog and has mandated that federal agencies secure their systems within three weeks, with a deadline of October 7. Additionally, Microsoft has addressed three other actively exploited zero-days in its September 2024 Patch Tuesday updates.
Winsage
August 1, 2024
Google Chrome has introduced app-bound encryption in version 127 for Windows to enhance cookie protection and defend against information-stealing malware. This feature builds on the Data Protection API (DPAPI) by additionally tying encrypted data to the application's identity, preventing other applications from decrypting it. The new mechanism operates through a Windows service that verifies an application's identity, making it harder for attackers to decrypt data without first gaining system privileges. App-bound encryption will protect not only cookies but also passwords, payment data, and other authentication tokens. This initiative is part of broader security measures by Google, which include download protection and account-based threat detection.
Winsage
August 1, 2024
Google has introduced app-bound encryption for its Chrome browser to enhance security against information-stealing malware on Windows. This method utilizes the Data Protection API (DPAPI) to protect data at rest but improves upon it by integrating the application's identity into the encrypted data, limiting access to only Chrome. This enhancement was included in the release of Chrome 127 and initially focuses on securing cookies, with plans to extend protection to passwords, payment information, and other authentication tokens. Organizations using roaming profiles are advised to implement the ApplicationBoundEncryptionEnabled policy for optimal security. Additionally, Google has previously introduced a technique to monitor access to browser cookies and credentials using a Windows event log. This development is part of broader security improvements in Chrome, which also include enhanced Safe Browsing protocols and automated scans for harmful downloads.