LAN Archives

AppWizard

April 25, 2025

Dune: Awakening will host a massive beta weekend in just a couple of weeks: ‘Tens of thousands of beta keys will be unleashed’

Dune: Awakening is set for official release on June 10. An extensive beta weekend will take place from May 9 to May 12, featuring the largest beta test to date. A Global Dune: Awakening LAN Party Broadcast will occur on May 10 from London and PAX East, where tens of thousands of beta keys will be distributed.

Winsage

April 19, 2025

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows, identified as CVE-2025-24054, is being exploited in phishing campaigns targeting government and private organizations. Initially considered low-risk, it was addressed in Microsoft's March 2025 Patch Tuesday updates. Following the release of these patches, Check Point observed a rise in exploitation attempts, particularly linked to the Russian group APT28. Attackers sent phishing emails with Dropbox links containing .library-ms files, which, when accessed, connected to an external SMB server controlled by the attackers, allowing interception of NTLM hashes. A subsequent wave of attacks involved .library-ms files sent as direct attachments, requiring minimal user interaction to exploit the vulnerability. The malicious ZIP archive also contained files exploiting older NTLM vulnerabilities. Check Point identified the attackers' SMB servers with specific IP addresses. Despite being classified as medium-severity, the vulnerability's potential impact is significant, prompting organizations to apply the March 2025 updates and consider disabling NTLM authentication if not essential.

Winsage

April 17, 2025

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A vulnerability in Windows, identified as CVE-2025-24054, is being actively exploited in phishing campaigns targeting government and private sectors. Initially addressed in Microsoft's March 2025 Patch Tuesday, it was not considered actively exploited at that time. Researchers from Check Point reported increased exploitation activities shortly after the patches were released, particularly between March 20 and 25, 2025. Some attacks were linked to the Russian state-sponsored group APT28, but definitive attribution is lacking. The vulnerability allows attackers to capture NTLM hashes through phishing emails containing manipulated .library-ms files that trigger the flaw when interacted with. Check Point noted that subsequent attacks involved .library-ms files sent directly, requiring minimal user interaction to exploit. The malicious files also included additional components that exploit older vulnerabilities related to NTLM hash leaks. The attacker-controlled SMB servers were traced to specific IP addresses. Although rated as medium severity, the potential for authentication bypass and privilege escalation makes it a significant concern, prompting recommendations for organizations to install updates and disable NTLM authentication if not necessary.

Winsage

April 17, 2025

Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, which involves NTLM hash disclosure through spoofing techniques. This flaw allows attackers to leak NTLM hashes, leading to privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate SMB authentication requests that expose NTLMv2-SSP hashes. Exploitation of this vulnerability began shortly after a security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns utilized spear-phishing emails containing malicious ZIP archives, which, when interacted with, leaked NTLM hashes. The malicious files included various types designed to initiate SMB connections to attacker-controlled servers, allowing for pass-the-hash attacks and privilege escalation. The stolen hashes were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.

Tech Optimizer

April 15, 2025

5 reasons I regret not deploying my own home firewall sooner

A hardware firewall enhances network security by monitoring and filtering all traffic, preventing unauthorized access based on pre-defined rules, and analyzing traffic patterns for anomalies. It employs Next-Generation Firewall technology for deep packet inspection, utilizes GeoIP restrictions, and runs Intrusion Prevention/Detection Systems (IPS/IDS). Implementing a Zero Trust architecture minimizes device access, and notifications alert users to new device connections. Segregating IoT devices onto a dedicated VLAN reduces security risks. A multi-layered security approach, including rules-based and deep packet inspection, is essential for comprehensive protection. Hardware firewalls often run on Linux or FreeBSD, allowing additional functionalities like ad blocking through services such as Pi-hole. Cataloging devices improves troubleshooting and network management. The adoption of hardware firewalls is increasingly necessary due to the rise of connected devices in homes.

Winsage

March 28, 2025

Windows Users at Risk: New Zero-Day Exploit Steals Passwords Without Interaction

A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.

Winsage

March 26, 2025

Windows Passwords At Risk As New 0-Day Confirmed—Act Now

Windows users are facing multiple zero-day vulnerabilities affecting various operating system versions, including Windows 7, Server 2008 R2, and Windows 11 v24H2, with no official patch available from Microsoft. A new vulnerability allows attackers to obtain NTLM credentials by having a user view a malicious file in Windows Explorer. This vulnerability is distinct from a previously reported incident and remains undisclosed until Microsoft issues a patch. NTLM vulnerabilities can enable credential theft, and while not classified as critical, they have been exploited in real-world attacks. Users may need to wait for the next Patch Tuesday for an official fix, but can utilize a micro-patch solution from ACROS Security's 0patch to address the vulnerability temporarily.

AppWizard

March 22, 2025

Why McDonald’s Minecraft Movie Meal Is A Generational Block Party

McDonald’s Happy Meals have evolved into cultural artifacts, reflecting the interests of different eras, such as Beanie Babies in the '90s, Star Wars collectibles in the 2000s, and Pokémon trading cards in 2025. The introduction of the Minecraft Movie Meal highlights McDonald’s engagement with a cultural phenomenon that resonates with Millennials, Gen Z, and Gen Alpha. Food and gaming have become intertwined, with 56% of Gen Alpha spending weekends gaming, making it a key avenue for social interaction. Minecraft incorporates food as a vital gameplay component, emphasizing its role in community experiences. McDonald’s has successfully leveraged nostalgia and pop culture collaborations, with the Minecraft Movie Meal fostering intergenerational bonding similar to the Pokémon Happy Meal. This meal signifies the ongoing evolution of food, play, and nostalgia, reflecting the convergence of digital and physical play in contemporary culture.

AppWizard

March 3, 2025

Where to find the Pale Garden in Minecraft | Esports News – The Times of India

The Pale Garden is a new biome in Minecraft, a variant of the Dark Forest, featuring pale oak trees, Eye Blossoms, and Creaking mobs. It is located near Dark Forests, Jungles, old-growth taiga, or Birch Forests. Players can find it through exploration, using the Locate Command (/locate biome minecraft:pale_garden), or third-party tools like Chunkbase. In the Pale Garden, players can harvest pale oak wood, encounter hostile Creaking mobs, and collect Eye Blossoms that glow at night. Tips for exploring include carrying torches, staying alert for Creaking mobs, and collecting unique resources.

Winsage

February 23, 2025

The Windows Concept Journey — ICS (Internet Connection Sharing)

Internet Connection Sharing (ICS) is a feature in Windows that allows a device with internet access to share its connection with other devices on a local area network (LAN). To enable or disable ICS, users can go to the Control Panel, access "Network Connections," right-click on the LAN or Wi-Fi device, select "Properties," click on the "Sharing" tab, and toggle the checkbox for "Allow other network users to connect through this computer’s Internet connection." ICS can also be configured using PowerShell or the netsh.exe command. It provides services such as DHCP and NAT and can share various connection types, including dial-up, PPPoE, and VPN. ICS has been integrated with UPnP since Windows XP for remote discovery and control. The settings for ICS are stored in the Windows registry at "HKLMSOFTWAREPoliciesMicrosoftWindowsNetwork Connections."