intrusions

Tech Optimizer
August 6, 2025
A new Android spyware campaign called LunaSpy has emerged, disguising itself as an antivirus or banking protection application. It spreads through deceptive messenger links and fraudulent channels, tricking users into downloading it. Once installed, LunaSpy mimics a legitimate scanner and fabricates threat detections while secretly monitoring device activities and stealing sensitive data. Since February 2025, it has been spreading through hijacked contact accounts and new Telegram channels. Users are advised to avoid downloading apps from unofficial links, scrutinize messenger invitations, and only install applications from reputable app stores. Employing reliable antivirus software and being cautious with permissions can enhance device security.
BetaBeacon
May 27, 2025
Android Apps and Games are available for free for a limited time, including apps like Fake Call Screen, Stabilize Video, Simple Quote Widgets, Number to Word Convert, and Quick Volume Control.
AppWizard
May 13, 2025
Microsoft reported that Turkish espionage operatives have been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger app to gather intelligence on the Kurdish military in Iraq. This operation, attributed to the group Marbled Dust, began in April 2024. The vulnerability is a directory traversal flaw in version 2.0.62 of the app, and many users have not yet updated to the patched version released in December. Marbled Dust has used this flaw to access sensitive user data and deploy malicious files within the Output Messenger server. The group has a history of targeting entities opposing Turkish interests and has evolved its tactics by leveraging this vulnerability for unauthorized access. Srimax and Microsoft are advising users to upgrade to version V2.0.63 to mitigate the risks associated with the exploit.
Tech Optimizer
April 26, 2025
The webcam is a crucial tool for remote communication but poses privacy risks, particularly through a threat known as CamFecting, where unauthorized access can occur via malware, malicious websites, or system vulnerabilities. Preventive measures include using antivirus software, disabling the webcam when not in use, and physically covering the camera with privacy caps or tape. Signs of unauthorized access include unexpected illumination of the webcam light, unusual camera behavior, unknown files on the system, abnormal data consumption, and decreased battery life. To deactivate the webcam, users can adjust settings in major browsers and operating systems. Maintaining digital hygiene, such as regularly updating software, using security systems like firewalls and VPNs, and being cautious of phishing attempts, is essential to minimize risks.
Winsage
April 22, 2025
Microsoft will officially cease support for Windows 10 on October 14, compelling users to transition to Windows 11, which has more demanding hardware requirements. Users with older systems may struggle to meet these requirements, and Microsoft will not guarantee updates for installations on unsupported hardware. Windows 10 will continue to receive support until October 2025, after which paid updates will be available. The Trusted Platform Module (TPM) is emphasized in Windows 11 for enhanced security, providing encryption and verifying software integrity. Recent statistics show that Windows 11 has surpassed Windows 10 in market share in the U.S., with 54% of users on Windows 11 compared to 44% on Windows 10. However, Windows 10 still holds a 55% market share in Europe and over 60% in Asia.
Tech Optimizer
March 31, 2025
By 2025, the global cost of cybercrime is projected to reach .5 trillion annually. Many organizations continue to use outdated Endpoint Detection and Response (EDR) solutions, which are increasingly ineffective against sophisticated cyber threats. EDR was introduced in 2013 but has struggled to keep pace with evolving attack techniques. Traditional EDR is reactive, responding to incidents after they occur, and relies on known Indicators of Compromise (IoCs), which limits its effectiveness. Real-world examples of traditional EDR failures include a misconfigured update to CrowdStrike’s Falcon EDR causing an IT outage, the Akira ransomware exploiting an unsecured webcam, the Medibank breach despite multiple alerts from EDR, and the BlackCat ransomware attack on Henry Schein. These incidents highlight the inadequacy of traditional EDR in preventing modern threats. The next phase of endpoint security is Preemptive Endpoint Protection (PEP), which actively prevents attacks rather than just detecting and responding to them. PEP utilizes proactive strategies like Automated Moving Target Defense (AMTD) and Adaptive Exposure Management (AEM), and research indicates that organizations using proactive security save 30% more on breach costs compared to those relying solely on reactive measures.
Winsage
March 19, 2025
Nearly a dozen state-sponsored threat operations have been exploiting a zero-day vulnerability in Windows shortcuts, identified as ZDI-CAN-25373, since 2017. Groups such as Mustang Panda, Kimsuky, Evil Corp, and SideWinder have been involved in these attacks, primarily targeting organizations in the Americas, Europe, East Asia, and Australia. The vulnerability allows for arbitrary code execution on vulnerable Windows systems by concealing malicious command-line arguments within .LNK shortcut files. Trend Micro researchers noted that crafted data in an .LNK file can make harmful content invisible to users inspecting the file through the Windows user interface, enabling attackers to execute code in the context of the current user. Microsoft is currently evaluating potential fixes for this vulnerability.