integrity Archives

AppWizard

May 24, 2025

Decentralized Messenger Session Goes Live on Arbitrum With $SESH Token Launch

The decentralized encrypted messenger app, Session, is launching its token, $SESH, on May 21st, 2025, coinciding with the mainnet launch of the new Session Network after a testing phase. Session has over one million monthly active users and operates on a specialized DePIN network with more than 2,000 nodes, ensuring user privacy and anonymity. The total supply of $SESH is capped at 240 million, with an initial release of up to 80 million tokens at the Token Generation Event (TGE). Users can stake 25,000 $SESH tokens to operate a Session Node, ensuring network integrity. The application emphasizes minimal metadata collection and offers features like emoji reactions, voice calls, and group chats. Session is now managed by the nonprofit Session Technology Foundation based in Zug, Switzerland.

Tech Optimizer

May 24, 2025

Connect Amazon Bedrock Agents with Amazon Aurora PostgreSQL using Amazon RDS Data API

Generative AI applications are being integrated with relational databases, allowing organizations to utilize structured data for training AI models. This integration involves using the RDS Data API with Amazon Aurora PostgreSQL-Compatible Edition and Amazon Bedrock for AI model access and automation. The solution enables natural language queries to be converted into SQL statements, executed against the database, and returns results in a user-friendly format. The architecture includes several steps: invoking the Amazon Bedrock agent with natural language input, generating SQL queries using large language models (LLMs), executing those queries via the Data API, and returning formatted results. Security measures are in place to restrict operations to read-only, preventing modifications that could compromise data integrity. To implement this solution, prerequisites include deploying an Aurora PostgreSQL cluster using AWS CDK and setting up the necessary Lambda functions and IAM roles. The agent is designed to convert natural language prompts into SQL queries and execute them securely. Testing can be conducted through the Amazon Bedrock console or the InvokeAgent API, with options for tracing the agent's steps. Key considerations for this integration include limiting it to read-only workloads, implementing parameter validation to prevent SQL injection, and ensuring comprehensive logging and auditing. For multi-tenant applications, appropriate isolation controls should be established. To avoid future charges, all resources created through CDK should be deleted after use.

AppWizard

May 23, 2025

Google is on to your shenanigans: You won’t be able to use this VPN pricing trick anymore

Google has expanded its protections against regional pricing abuse on the Play Store to create a fairer environment for app developers and users. The company is now automatically detecting and blocking purchases that exploit regional price differences, allowing developers to offer localized pricing without the risk of revenue loss. Additionally, Google Play is providing developers with more control over payment location restrictions and has strengthened protections against the misuse of free trial pricing for subscriptions.

Winsage

May 22, 2025

Signal will block Microsoft Recall from snooping on your texts

Encrypted messaging platform Signal is enhancing its Windows application with a feature called Screen Security, which prevents screenshots of messages while the app is in use. The application is flagged as protected by Digital Rights Management (DRM), ensuring that DRM content cannot be recorded in screenshots on Windows devices. Screen Security is activated by default but can be disabled by users if needed. Signal hopes that AI developers will consider the implications of their innovations more thoughtfully. The Recall feature in Windows 11, which allows users to record everything displayed on their screens, has faced privacy and security concerns, and skepticism remains about its readiness for widespread adoption.

AppWizard

May 22, 2025

Signal resorts to “weird trick” to block Windows Recall in Desktop app

Microsoft's Recall feature indexes a wide range of personal data, including Zoom meetings, emails, photos, medical conditions, and conversations on Signal, affecting both users and their contacts without consent. Researcher Kevin Beaumont found that the feature captures sensitive information like payment card details and can decrypt its database using a fingerprint scan or PIN. Developers, such as those at Signal, lack tools to prevent their content from being indexed by Recall, leading Signal to utilize a Digital Rights Management API to protect privacy. This workaround may help, but it depends on all chat participants using the Windows Desktop version with default settings. Microsoft has not addressed concerns regarding developer control over Recall.

Winsage

May 22, 2025

BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover

The dMSA account in Active Directory manages service accounts with enhanced security and automation. Key attributes include msDS-DelegatedMSAState, which indicates the migration status (unknown, in progress, or completed), and msDS-ManagedAccountPrecededByLink, which identifies the superseded account. The msDS-GroupMSAMembership attribute specifies authorized principals for authentication as the dMSA account. After migration, systems using the old service account receive a notification from the Domain Controller that the previous account is disabled, along with a KERB-SUPERSEDED-BY-USER field pointing to the new dMSA. The Key Distribution Center (KDC) within the Kerberos protocol validates user identities and grants access based on permissions, ensuring secure network resource access.

Winsage

May 22, 2025

Signal’s new Windows update prevents the system from capturing screenshots of chats

Signal has updated its Windows application to enhance user privacy by introducing a feature called "screen security," which prevents screenshots on Windows 11. This update responds to privacy concerns raised by Microsoft's Recall functionality, which captures screenshots for user activity tracking. Although Microsoft paused Recall due to public backlash, it resumed testing the feature as opt-in. With screen security enabled, users will see a blank screen when attempting to take a screenshot, but this may affect functionalities like screen readers. Users can disable this feature in Signal Settings, but will receive a warning before confirming the change. Signal hopes that developers will consider privacy implications more thoughtfully in the future.

Winsage

May 22, 2025

Windows Server Flaw a Shortcut to Privilege Escalation

An unpatched vulnerability in Windows Server 2025, identified by Akamai researchers, is associated with a method called "BadSuccessor." This flaw, considered "trivial" to exploit and present in the default configuration, allows for privilege escalation and potential full domain compromise. The vulnerability arises from delegated managed service accounts (dMSA), which were intended to enhance security during the migration of legacy service accounts. However, dMSAs can inherit permissions from legacy accounts, enabling attackers to simulate a migration and gain access to the permissions and encryption keys of those accounts without verification. The attack requires prior permissions within an Active Directory organizational unit, indicating a previous breach. Akamai reported the vulnerability to Microsoft on April 1, but Microsoft classified its severity as "moderate." Akamai recommends organizations restrict the creation of dMSAs to mitigate risks associated with this vulnerability.

Tech Optimizer

May 21, 2025

Defendnot Disarms Windows Defender by Pretending to Be a Friend

A newly developed security program called Defendnot can deceive and disable Windows Defender, even without legitimate antivirus software installed. It alters the system to appear as a genuine antivirus program, allowing hackers to neutralize Windows Defender's protective measures. Defendnot operates through an undocumented API that antivirus software uses to register with the Windows Security Center, causing Microsoft Defender to deactivate. Developed by security researcher es3n1n, Defendnot injects a DLL file into the Taskmgr.exe process, misleading Windows into believing an antivirus is present. Although created for research purposes, it can be misused by cybercriminals. Microsoft Defender recognizes Defendnot as a Trojan and quarantines it upon detection.

Winsage

May 21, 2025

Announcing new Microsoft Dataverse capabilities for multi-agent operations

Microsoft Dataverse is a secure and scalable platform that integrates enterprise data with agent functionalities, serving as the backbone for organizations to manage business and operational data. It powers Microsoft Copilot Studio, enabling developers to create agents that execute adaptive tasks while ensuring human oversight. Key features include AI-powered search, prompt columns for embedding generative AI, and the Dataverse Model Context Protocol (MCP) server, which transforms structured data into interactive knowledge for agents. The MCP server offers capabilities such as querying data, engaging with knowledge sources, creating/updating records, and executing custom prompts. Dataverse knowledge is integrated into Copilot Studio, connecting structured and unstructured data from various sources to create a unified knowledge network. Data in Dataverse is pre-indexed for near-real-time analytics, and integration with Microsoft Fabric allows for easy exploration of this data. Dynamics 365 data is now accessible within Microsoft 365 Copilot, streamlining workflows. New knowledge sources and connectors have been introduced, including Snowflake, SAP, and Confluence, enhancing agent capabilities. The Power Platform connector SDK simplifies the integration of external structured data into Power Apps and Dataverse. A centralized Tools hub in Copilot Studio allows for the management of reusable functionalities across agents. Additionally, three new managed agents are available in preview, designed to automate document workflows, generate executive briefs, and process inbound leads, facilitating quick implementation and scalability for organizations.