IPv6

Winsage
March 15, 2025
Valve has released the SteamOS 3.7.0 Preview, which is currently exclusive to the Steam Deck but will soon support a wider range of non-Steam Deck handheld devices. Users can access the Preview channel by adjusting their Steam Deck update settings. Key updates include:
- Updated to a newer Arch Linux base and Linux kernel version 6.11.
- Bluetooth controllers can now wake LCD models of the Steam Deck.
- Added support for the Proteus Byowave controller.
- Resolved issues with the Switch Pro Controller gyros and stuck controller inputs.
- Enabled HFP/HSP profiles for integrated microphone use with Bluetooth headsets in Desktop mode.
- Introduced a battery level display for supported Bluetooth devices.
- Improved compatibility for specific displays with the Steam Deck Dock.
- Enabled AMD P-State CPU frequency control and fixed performance issues in certain games.
- Updated desktop mode to Plasma 6.2.5, with improved surround sound functionality and pre-installed KDE Filelight.
- Fixed various UI and system update issues, enhanced system responsiveness, and enabled IPv6 Privacy Extensions by default.
Known issues include problems with Creative Zen Air Pro earbuds, Super NES controllers, and DualShock 3 controllers. Developer updates include kernel updates and improvements to system management.
Winsage
December 7, 2024
Your Internet Service Provider (ISP) provides internet access and DNS addresses, which are essential for navigating the web. However, relying solely on your ISP's DNS servers can lead to privacy issues, slower speeds, and unreliability. Third-party DNS services can enhance the internet experience on Windows 10. The Domain Name System (DNS) translates website names into IP addresses, and any disruptions can hinder browsing. Changing DNS settings can improve internet speed and safety, with options for parental controls. To change DNS settings on Windows 10, users should access Advanced Network Settings, select the connection to modify, choose IP Version 4 (TCP/IP v4), and enter the preferred and alternate DNS server addresses. iTop VPN is a service that protects online activities, encrypts traffic, alters IP addresses, and safeguards DNS settings. It offers a fast and free service, DNS protection from unauthorized changes, privacy security features, and the ability to unblock content.
Tech Optimizer
October 31, 2024
Macs are facing an increasing number of cybersecurity threats, with malware targeting macOS rising from eight families in 2021 to 21 in 2023. To protect against these threats, users are advised to implement antivirus software, maintain regular backups using tools like Apple's Time Machine and cloud services, enable the built-in firewall, use password managers for secure password storage, and utilize a VPN for secure internet connections, especially on public Wi-Fi.
Tech Optimizer
October 18, 2024
Threat actors are increasingly using the open-source tool EDRSilencer to evade endpoint detection and response (EDR) solutions. EDRSilencer, inspired by MDSec's NightHawk FireBlock, obstructs outbound traffic from active EDR processes by utilizing the Windows Filtering Platform (WFP). It can terminate processes associated with various EDR products, including those from Microsoft, Elastic, Trellix, and Qualys. By employing EDRSilencer, malicious actors aim to render EDR software ineffective, complicating malware identification and removal. The tool dynamically identifies active EDR processes and establishes persistent filters to inhibit their outbound communications, preventing security software from transmitting telemetry data. This tactic enhances the likelihood of successful attacks without detection. Additionally, ransomware groups are utilizing advanced EDR-killing tools like AuKill and EDRKillShifter, which exploit vulnerable drivers to escalate privileges and terminate security processes, showcasing a sophisticated approach to evading detection. EDRKillShifter employs advanced persistence mechanisms to maintain its presence within a system and disrupt security processes in real-time.
Tech Optimizer
October 15, 2024
Threat actors are increasingly using the open-source tool EDRSilencer to bypass endpoint detection and response (EDR) systems. EDRSilencer, originally designed for red teaming, silences EDR solutions by utilizing the Windows Filtering Platform (WFP) to block outbound network communications of EDR processes on both IPv4 and IPv6, preventing them from sending telemetry or alerts to their management consoles. It detects processes from various EDR products, including Carbon Black EDR, Cybereason, ESET Inspect, SentinelOne, Microsoft Defender, and others. Additional rules can be implemented to block processes not explicitly listed in the tool. The landscape of EDR evasion tools has expanded, with groups like FIN7 marketing AvNeutralizer to ransomware factions. Other tools include EDRKillShifter and PoorTry, which target and terminate security products. These tools are often sold as subscription services, making them accessible to threat actors with varying technical skills. Prices for these tools range from a low monthly subscription fee to ,500 or more for comprehensive packages. Trend Micro researchers recommend advanced detection mechanisms and proactive threat hunting strategies to mitigate risks from EDR-killing tools.
Tech Optimizer
September 22, 2024
Recent findings indicate a significant rise in malware infections linked to malvertising campaigns utilizing a loader called FakeBat. The Mandiant Managed Defense team reports that these attacks target users seeking popular business software. The infection process involves a trojanized MSIX installer executing a PowerShell script to retrieve a secondary payload. FakeBat, also known as EugenLoader and PaykLoader, is associated with the threat actor Eugenfest and classified by Google’s threat intelligence team as NUMOZYLOD, connected to the Malware-as-a-Service operation UNC4536. The attack employs drive-by download techniques, directing users to counterfeit sites resembling legitimate software platforms, which host compromised MSI installers. This leads to the installation of various malware families, including IcedID, RedLine Stealer, Lumma Stealer, SectopRAT, and Carbanak, linked to the FIN7 cybercrime group. UNC4536's strategy involves distributing trojanized MSIX installers disguised as popular software like Brave, KeePass, Notion, Steam, and Zoom. The MSIX installers can execute a script before launching the main application, using a configuration known as startScript. UNC4536 acts as a malware distributor, with FakeBat delivering subsequent payloads to associates, including the FIN7 group. NUMOZYLOD collects system information, such as operating system details and installed antivirus products, and may capture public IPv4 and IPv6 addresses, sending this data to its command and control server. It also creates a shortcut in the StartUp folder for persistence. This report follows Mandiant's earlier disclosure about another malware downloader, EMPTYSPACE, used by the financially motivated threat cluster UNC4990 for data exfiltration and cryptojacking in Italy.
TrendTechie
September 19, 2024
The qBittorrent project is an open-source, multi-platform BitTorrent client that offers a user-friendly interface and a comprehensive Web UI for remote management. Key features include a polished user interface, an extensible search engine, simultaneous search capabilities, support for all BitTorrent extensions, advanced features like DHT and full encryption, remote control options, torrent queueing and prioritizing, content selection, port forwarding support, multilingual availability, a torrent creation tool, advanced RSS support, bandwidth scheduling, IP filtering, IPv6 compliance, and cross-platform availability. Recent updates include enhancements and bug fixes in versions 4.6.7 and 5.0.0 RC1, such as improved updater functionality, WebUI fixes, a transition to Start/Stop functionality, the introduction of a Popularity metric for torrents, enhanced clipboard functionality, the ability to pause/resume entire sessions, and various bug fixes related to tracker tiers, naming consistency, and download progress display. Versions 4.6.7 and 5.0.0 RC1 are available for download.
Winsage
August 29, 2024
A zero-click vulnerability identified as CVE-2024-38063 affects all Windows systems with IPv6 enabled, allowing for remote code execution without user interaction. Discovered by XiaoWei from Kunlun Lab, it impacts Windows 10, Windows 11, and Windows Server systems. The proof-of-concept exploit code has been made publicly available on GitHub by security researcher Ynwarcs. Microsoft has urged users to apply the latest security updates and monitor unusual IPv6 packet activity to mitigate risks associated with this vulnerability.
Winsage
August 29, 2024
A critical vulnerability in Windows, designated CVE-2024-38063, has been identified with a CVSS score of 9.8, allowing unauthenticated attackers to execute code remotely on unpatched machines via specially crafted IPv6 packets. All versions of Windows 10, Windows 11, and Windows Server are affected. A temporary workaround is to disable IPv6 and revert to IPv4. Microsoft released a patch for this vulnerability on August 13, but system administrators often delay patch installations, leading to exploitation opportunities. A developer has released proof-of-concept code for the vulnerability. Marcus Hutchins noted the rapid identification of the flaw, which stemmed from a single change in the driver file. Users are urged to patch their systems promptly to mitigate risks.