Injection

Winsage
June 8, 2025
Support for Windows 10 will officially conclude in October 2025, prompting users to seek alternative solutions for security and updates. Users with devices that do not meet Windows 11 requirements can install it on unsupported hardware using a tailored ISO and a tool called MicroWin. To create a personalized Windows 11 image, users must run a command in the Windows terminal to activate WinUtil, which allows downloading the latest official ISO from Microsoft. Users can customize their installation settings and generate a modified, lighter ISO. After creating the ISO, it can be transferred to a USB drive for installation. This method helps extend the lifespan of older PCs as users transition from Windows 10.
Tech Optimizer
June 5, 2025
UltraAV, an antivirus solution from Point Wild, has introduced significant enhancements to improve threat protection and user experience. Key updates include:
- Advanced AV Engine upgrades for faster scans and improved detection rates across versions 12.0, 12.3, 12.4, and 12.7.2.
- The ability to scan external USB devices and schedule recurring scans, introduced in version 12.8.
- Expanded privacy and identity protections for premium users, including identity theft monitoring and real-time fraud alerts.
- Seamless integration with Total Cleaner for premium subscribers, enhancing app reliability (versions 12.7 and 12.7.1).
- Self-protection features to safeguard UltraAV binaries from malware (version 12.8).
- URL filtering to block harmful URLs for Chrome users (version 12.4).
UltraAV is built on over 20 years of research and development, integrating real-time threat intelligence and AI-driven detection. Point Wild, the parent company, provides cybersecurity solutions to over 25 million users globally.
AppWizard
June 3, 2025
Bungie's upcoming expansion for Destiny 2, The Edge of Fate, introduces a tiered loot system categorizing new gear from one to five, with higher tiers offering enhanced perks and stat increases. The expansion features new weapon archetypes, including rocket sidearms and healing auto rifles, and introduces a Portal feature for selecting activities and customizing difficulty. Daily rotating guaranteed rewards for specific playlists aim to streamline the acquisition of tier 5 weapons and introduce set bonuses for armor. The expansion is set to launch on July 15.
AppWizard
June 2, 2025
On May 30, 2025, CERT Polska disclosed three security vulnerabilities affecting preinstalled Android applications on Ulefone and Krüger&Matz smartphones: CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917.
- CVE-2024-13915: The com.pri.factorytest application allows any app to invoke the FactoryResetService, enabling unauthorized factory resets due to improper export controls (CWE-926).
- CVE-2024-13916: The com.pri.applock application exposes a public method that allows malicious apps to steal the user’s PIN, representing an exposure of sensitive system information (CWE-497).
- CVE-2024-13917: The exported activity in com.pri.applock allows privilege escalation by enabling malicious apps to inject intents with system-level privileges if they have access to the compromised PIN (CWE-926).
Users of affected devices are advised to seek firmware updates or mitigations from their vendors.
AppWizard
June 2, 2025
Significant vulnerabilities have been identified in pre-installed applications on Ulefone and Krüger&Matz Android smartphones, disclosed on May 30, 2025. Three vulnerabilities affect these devices, including CVE-2024-13915, which targets the com.pri.factorytest application, allowing unauthorized factory resets. CVE-2024-13916 and CVE-2024-13917 affect the com.pri.applock application on Krüger&Matz smartphones, enabling malicious apps to extract user PIN codes and inject arbitrary intents. These vulnerabilities stem from improper export of Android application components, allowing malicious applications to bypass Android’s permission model. Users are advised to check for updates and consider disabling vulnerable applications.
Tech Optimizer
June 2, 2025
Underground cybercriminal forums are seeing an increase in advanced malware tools, including a Windows crypter that claims to bypass major antivirus solutions. This crypter is marketed as fully activated and capable of achieving Fully Undetectable (FUD) status against contemporary antivirus engines. It employs advanced obfuscation techniques to evade detection, including code injection methods, entropy manipulation, and anti-debugging features. The tool allows for granular control over obfuscation parameters, enabling customization for specific target environments. The rise of such sophisticated evasion tools poses challenges for traditional endpoint security, making organizations vulnerable if they rely solely on signature-based antivirus solutions. To defend against these threats, organizations should adopt multi-layered security architectures, including behavioral analysis and endpoint detection and response (EDR) solutions.
Tech Optimizer
May 24, 2025
Generative AI applications are being integrated with relational databases, allowing organizations to utilize structured data for training AI models. This integration involves using the RDS Data API with Amazon Aurora PostgreSQL-Compatible Edition and Amazon Bedrock for AI model access and automation. The solution enables natural language queries to be converted into SQL statements, executed against the database, and returns results in a user-friendly format. The architecture includes several steps: invoking the Amazon Bedrock agent with natural language input, generating SQL queries using large language models (LLMs), executing those queries via the Data API, and returning formatted results. Security measures are in place to restrict operations to read-only, preventing modifications that could compromise data integrity. To implement this solution, prerequisites include deploying an Aurora PostgreSQL cluster using AWS CDK and setting up the necessary Lambda functions and IAM roles. The agent is designed to convert natural language prompts into SQL queries and execute them securely. Testing can be conducted through the Amazon Bedrock console or the InvokeAgent API, with options for tracing the agent's steps. Key considerations for this integration include limiting it to read-only workloads, implementing parameter validation to prevent SQL injection, and ensuring comprehensive logging and auditing. For multi-tenant applications, appropriate isolation controls should be established. To avoid future charges, all resources created through CDK should be deleted after use.
AppWizard
May 21, 2025
Google has announced enhancements to its Gemini 2.5 models, including the 2.5 Pro version and the new 2.5 Flash model, which improves speed and efficiency. The 2.5 Pro will include native audio output controls for developers to customize speech. Enhanced security measures will protect against malicious instructions and prompt injection attacks. Project Mariner's functionality will be integrated into Gemini and Vertex AI. Google is also introducing insightful summaries for developers to aid in debugging, along with cost control features through a "thinking budget." A generally available model will be released, and support for Model Context Protocol (MCP) will facilitate the integration of open-source tools into Gemini projects.
Winsage
May 20, 2025
The Model Context Protocol (MCP) is a lightweight, open protocol functioning as JSON-RPC over HTTP, facilitating standardized discovery and invocation of tools. MCP defines three roles: MCP Hosts (applications accessing capabilities), MCP Clients (initiators of requests), and MCP Servers (services exposing functionalities). Windows 11 will incorporate MCP to enable developers to create intelligent applications leveraging generative AI. An early preview of MCP capabilities will be available for developer feedback. MCP introduces security risks, including cross-prompt injection, authentication gaps, credential leakage, tool poisoning, lack of containment, limited security review, registry risks, and command injection. To address these, Windows 11's MCP Security Architecture will establish security requirements for MCP servers, ensuring user safety and transparency, enforcing least privilege, and implementing security controls like proxy-mediated communication, tool-level authorization, a central server registry, and runtime isolation. MCP servers must comply with security requirements, including mandatory code signing, unchanged tool definitions at runtime, security testing, mandatory package identity, and declared privileges. An early private preview of MCP server capability will be offered to developers post-Microsoft Build for feedback, with a secure-by-default enforcement strategy planned for broader availability. Microsoft aims to enhance defenses continuously and collaborate with partners to bolster MCP's security framework.