Injection Archives

AppWizard

June 22, 2025

Counterfeit Minecraft mods deliver malware

A series of sophisticated cyberattacks using ACR Stealer-based Amatera Stealer malware have been executed as part of ClearFake web injection campaigns between April and May. These campaigns utilize advanced techniques, including EtherHiding to obscure malicious activities, targeting smart contracts on the Binance Smart Chain for unauthorized access, and ClickFix Exploitation to manipulate user interactions for executing harmful scripts.

Winsage

June 20, 2025

Microsoft boosts default security of Windows 365 Cloud PCs

Microsoft is enhancing its Windows 365 Cloud PCs with new security features starting in May 2025. All newly provisioned and reprovisioned Cloud PCs using a Windows 11 gallery image will have Virtualization-Based Security (VBS), Credential Guard, and Hypervisor-Protected Code Integrity (HVCI) enabled by default. VBS creates a secure environment to protect system processes, Credential Guard secures authentication credentials, and HVCI ensures only verified code runs at the kernel level. Additionally, beginning in the latter half of 2025, clipboard, drive, USB, and printer redirections will be disabled by default on newly provisioned and reprovisioned Cloud PCs to mitigate security risks, although IT administrators can re-enable these features if needed.

Winsage

June 11, 2025

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

On June 2025 Patch Tuesday, Microsoft released security updates for 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day vulnerability. The updates addressed ten "Critical" vulnerabilities, with eight being remote code execution vulnerabilities and two related to elevation of privileges. The breakdown of vulnerabilities includes 13 Elevation of Privilege, 3 Security Feature Bypass, 25 Remote Code Execution, 17 Information Disclosure, 6 Denial of Service, and 2 Spoofing vulnerabilities. The actively exploited zero-day vulnerability is CVE-2025-33053, a WebDAV Remote Code Execution vulnerability, while the publicly disclosed zero-day is CVE-2025-33073, a Windows SMB Client Elevation of Privilege vulnerability. Other companies also released updates in June 2025, including Adobe, Cisco, Fortinet, Google, HPE, Ivanti, Qualcomm, Roundcube, and SAP, addressing various vulnerabilities across their products.

Winsage

June 8, 2025

Windows 10 is ending: How to install Windows 11 on an unsupported PC

Support for Windows 10 will officially conclude in October 2025, prompting users to seek alternative solutions for security and updates. Users with devices that do not meet Windows 11 requirements can install it on unsupported hardware using a tailored ISO and a tool called MicroWin. To create a personalized Windows 11 image, users must run a command in the Windows terminal to activate WinUtil, which allows downloading the latest official ISO from Microsoft. Users can customize their installation settings and generate a modified, lighter ISO. After creating the ISO, it can be transferred to a USB drive for installation. This method helps extend the lifespan of older PCs as users transition from Windows 10.

Tech Optimizer

June 5, 2025

UltraAV Delivers Continuous Innovation in Antivirus Protection

UltraAV, an antivirus solution from Point Wild, has introduced significant enhancements to improve threat protection and user experience. Key updates include: - Advanced AV Engine upgrades for faster scans and improved detection rates across versions 12.0, 12.3, 12.4, and 12.7.2. - The ability to scan external USB devices and schedule recurring scans, introduced in version 12.8. - Expanded privacy and identity protections for premium users, including identity theft monitoring and real-time fraud alerts. - Seamless integration with Total Cleaner for premium subscribers, enhancing app reliability (versions 12.7 and 12.7.1). - Self-protection features to safeguard UltraAV binaries from malware (version 12.8). - URL filtering to block harmful URLs for Chrome users (version 12.4). UltraAV is built on over 20 years of research and development, integrating real-time threat intelligence and AI-driven detection. Point Wild, the parent company, provides cybersecurity solutions to over 25 million users globally.

AppWizard

June 3, 2025

The Edge of Fate will be the biggest change to Destiny 2 since it launched—an injection of fresh ideas, but also of ARPG grind

Bungie's upcoming expansion for Destiny 2, The Edge of Fate, introduces a tiered loot system categorizing new gear from one to five, with higher tiers offering enhanced perks and stat increases. The expansion features new weapon archetypes, including rocket sidearms and healing auto rifles, and introduces a Portal feature for selecting activities and customizing difficulty. Daily rotating guaranteed rewards for specific playlists aim to streamline the acquisition of tier 5 weapons and introduce set bonuses for armor. The expansion is set to launch on July 15.

AppWizard

June 2, 2025

Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands

On May 30, 2025, CERT Polska disclosed three security vulnerabilities affecting preinstalled Android applications on Ulefone and Krüger&Matz smartphones: CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917. - CVE-2024-13915: The com.pri.factorytest application allows any app to invoke the FactoryResetService, enabling unauthorized factory resets due to improper export controls (CWE-926). - CVE-2024-13916: The com.pri.applock application exposes a public method that allows malicious apps to steal the user’s PIN, representing an exposure of sensitive system information (CWE-497). - CVE-2024-13917: The exported activity in com.pri.applock allows privilege escalation by enabling malicious apps to inject intents with system-level privileges if they have access to the compromised PIN (CWE-926). Users of affected devices are advised to seek firmware updates or mitigations from their vendors.

AppWizard

June 2, 2025

Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection

Significant vulnerabilities have been identified in pre-installed applications on Ulefone and Krüger&Matz Android smartphones, disclosed on May 30, 2025. Three vulnerabilities affect these devices, including CVE-2024-13915, which targets the com.pri.factorytest application, allowing unauthorized factory resets. CVE-2024-13916 and CVE-2024-13917 affect the com.pri.applock application on Krüger&Matz smartphones, enabling malicious apps to extract user PIN codes and inject arbitrary intents. These vulnerabilities stem from improper export of Android application components, allowing malicious applications to bypass Android’s permission model. Users are advised to check for updates and consider disabling vulnerable applications.

Tech Optimizer

June 2, 2025

Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses

Underground cybercriminal forums are seeing an increase in advanced malware tools, including a Windows crypter that claims to bypass major antivirus solutions. This crypter is marketed as fully activated and capable of achieving Full Undetectable (FUD) status against contemporary antivirus engines. It employs advanced obfuscation techniques to evade detection, including code injection methods, entropy manipulation, and anti-debugging features. The tool allows for granular control over obfuscation parameters, enabling customization for specific target environments. The rise of such sophisticated evasion tools poses challenges for traditional endpoint security, making organizations vulnerable if they rely solely on signature-based antivirus solutions. To defend against these threats, organizations should adopt multi-layered security architectures, including behavioral analysis and endpoint detection and response (EDR) solutions.

Tech Optimizer

May 24, 2025

Connect Amazon Bedrock Agents with Amazon Aurora PostgreSQL using Amazon RDS Data API

Generative AI applications are being integrated with relational databases, allowing organizations to utilize structured data for training AI models. This integration involves using the RDS Data API with Amazon Aurora PostgreSQL-Compatible Edition and Amazon Bedrock for AI model access and automation. The solution enables natural language queries to be converted into SQL statements, executed against the database, and returns results in a user-friendly format. The architecture includes several steps: invoking the Amazon Bedrock agent with natural language input, generating SQL queries using large language models (LLMs), executing those queries via the Data API, and returning formatted results. Security measures are in place to restrict operations to read-only, preventing modifications that could compromise data integrity. To implement this solution, prerequisites include deploying an Aurora PostgreSQL cluster using AWS CDK and setting up the necessary Lambda functions and IAM roles. The agent is designed to convert natural language prompts into SQL queries and execute them securely. Testing can be conducted through the Amazon Bedrock console or the InvokeAgent API, with options for tracing the agent's steps. Key considerations for this integration include limiting it to read-only workloads, implementing parameter validation to prevent SQL injection, and ensuring comprehensive logging and auditing. For multi-tenant applications, appropriate isolation controls should be established. To avoid future charges, all resources created through CDK should be deleted after use.