leaks Archives

AppWizard

November 8, 2024

Samsung Health Monitor app ends support for Android 11 and older phones this December

Samsung Electronics is preparing to introduce seamless software updates with its upcoming Galaxy S25 series. This feature will allow updates to be downloaded in the background and installed on an inactive partition, minimizing downtime during the update process. Users will only experience a brief interruption during reboot, contrasting with the longer downtimes of traditional updates. The Galaxy S25 series is expected to feature a larger display, potentially a more rounded back on the S25 Ultra for comfort, and will be powered by the Snapdragon 8 Elite. It is rumored to launch in January 2025 with Android 15-based One UI 7 software. There is no official confirmation from Samsung regarding these features or specifications, as the information is based on leaks and rumors.

BetaBeacon

November 5, 2024

Have too many games on your phone? Google Play could help you continue playing (APK teardown)

Google Play Store will introduce a new section within the Games tab that allows users to easily track all the games installed on their phones. This feature will make it convenient to continue playing games and keep track of installation dates and last play times.

Winsage

October 31, 2024

New Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials

Security researchers at Acros have identified a new zero-day vulnerability (CVE-2024-38030) related to Windows theme files that can lead to the potential exposure of NTLM credentials. This vulnerability affects multiple Windows platforms, including Windows 11 (version 24H2). The issue arises when a theme file specifies a network file path for certain properties, causing Windows to send authenticated network requests to remote hosts, which can result in credential leaks if a malicious theme file is used. Microsoft issued a patch for an earlier related vulnerability (CVE-2024-21320), but researchers found it insufficient for systems that had stopped receiving updates. A more comprehensive patch has been developed by researchers to address all execution paths that could lead to credential leaks, and users of the micropatch service 0patch are currently protected against this vulnerability. The micropatches are available for all supported Windows versions and some legacy versions, specifically for Windows Workstation, and not for Windows Server.

Winsage

October 30, 2024

New Zero-Day Vulnerability in Windows Themes Threatens NTLM Security – SOCRadar® Cyber Intelligence Inc.

A newly identified zero-day vulnerability in Windows Themes files allows attackers to exploit NTLM credential leaks by simply having a malicious theme file viewed in Windows Explorer. This vulnerability, reported by ACROS Security, affects fully updated Windows systems, including Windows 11 24H2, and enables remote credential theft without user interaction. Microsoft previously addressed a related issue with a patch for CVE-2024-21320, but researchers discovered that attackers could bypass this fix, leading to the emergence of CVE-2024-38030. ACROS Security has released a temporary micropatch via their 0patch service to prevent NTLM leaks by accurately detecting network paths within theme files. The vulnerability allows attackers to execute NTLM relay and pass-the-hash attacks across multiple Windows versions, from Windows 7 to Windows 11 24H2. A demonstration showed that transferring a malicious theme file to an unpatched PC triggers a network connection that sends NTLM credentials to the attacker, while the micropatch blocks this connection.

Winsage

October 29, 2024

Patching problems: The “return” of a Windows Themes spoofing vulnerability

0patch researchers have identified a security vulnerability in Microsoft’s Windows operating system related to NTLM authentication credentials that persists despite two prior patches. The vulnerability, CVE-2024-21320, involves Windows Themes spoofing, allowing attackers to exploit a malicious .theme file to leak user credentials without interaction. Microsoft initially addressed this issue in January 2024 but later released a second incomplete patch (CVE-2024-38030) that did not fully resolve the vulnerability. 0patch has developed micropatches for affected users, applicable to both supported and legacy Windows versions, specifically for Windows Workstation. The vulnerability poses a risk if users apply themes from untrusted sources, as it can lead to credential leaks.

AppWizard

October 26, 2024

WeChat among apps banned from Hong Kong govt computers

Hong Kong's government has updated its information security guidelines to enhance cybersecurity, restricting the use of messaging and cloud storage applications like WeChat, WhatsApp, and Google Drive on government-operated computers. The Digital Policy Office cited concerns over end-to-end encryption technology in these services that could bypass cybersecurity defenses, making it challenging to detect and respond to threats. The new regulations, inspired by measures in the U.S. and mainland China, will take effect at the end of October, with potential exceptions approved by department heads. Additionally, a new cybersecurity law is expected to be introduced by the end of the year to address critical infrastructure security.

AppWizard

October 26, 2024

Nintendo’s secret Minecraft-style and Roblox-like game is being leaked online

Nintendo sent Non-Disclosure Agreements (NDAs) to over 10,000 players for a playtest of a new unannounced game, which is expected to be an MMO combining elements of Minecraft and Roblox. Despite the NDAs, leaks have occurred, prompting Nintendo to issue DMCA takedown notices. Leaked content includes images of the game's landscapes and character designs, videos of gameplay mechanics, community discussions about the game's name and release date, and fan art. The game will feature a vibrant world where players can create, explore, and expand territories by constructing floating islands.

BetaBeacon

October 24, 2024

What we know about the leaked Switch and mobile Pokémon multiplayer game that was headed for release

Gamefreak leaks revealed a potential cross-platform Pokémon multiplayer game in development since 2019 for Nintendo Switch and mobile. The game involved riding Pokémon rodeo style. The game, possibly named Rhodeo, was later confirmed to be cancelled.

AppWizard

October 21, 2024

Nintendo Switch Online Playtest Leaks Emerge: Reveal Upcoming Minecraft Style MMO

Nintendo's playtest for a new MMO game will begin on October 23 at 6:00 PM PT and end on November 5 at 5:00 PM PT, exclusively for 10,000 registered participants. Leaked details suggest the game involves players collaborating to develop a planet through resource management, with challenges from emerging enemies. Key features include 'Beacons' that enhance the land, a social space called “Dev Core,” and user-generated content tools. The game requires 2.2GB of free space for download, and while there is no non-disclosure agreement, Nintendo has requested participants not to share details, leading to leaks and copyright strikes.

AppWizard

October 21, 2024

The mysterious Nintendo Switch playtest has seemingly leaked, and it looks like a Minecraft meets MMO game in which players “develop” a planet together

Nintendo is testing a secretive "new feature" for Switch Online, with a playtest program that filled up in seven minutes. Leaks suggest the development of a new MMO-style game inspired by Minecraft, featuring RPG elements where players can level up characters and engage in combat.