Mail Archives

Winsage

April 17, 2025

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054 is a vulnerability that allows attackers to capture NTLMv2-SSP hashes from a victim's machine during authentication requests to an attacker-controlled SMB server. Active exploitation of this vulnerability has been observed since March 19, 2025, targeting government and private sectors in Poland and Romania. The attacks involve phishing emails that lead victims to download an archive file containing exploits designed to leak NTLMv2-SSP hashes. Microsoft has released patches for this vulnerability, but users on older, unsupported versions may need to consider micropatching.

Winsage

April 11, 2025

Microsoft starts trimming the clock on Windows 10

Microsoft is testing a change that removes the seconds display from the Calendar flyout in Windows 10, coinciding with the operating system's approaching end-of-support date in October. The update to build 19045.5737 includes bug fixes but strips away the clock feature for some users as part of an A/B testing phase. User reactions on platforms like Reddit indicate frustration over this change, which may be linked to the new Outlook application introduced earlier this year. Restoring the previous functionality requires technical skills in registry editing, and the new design is criticized for providing less information and having a visually unappealing layout. While Windows 11 still supports the seconds display, some Windows 10 users do not have this feature. Microsoft has also released a checklist advising Windows 10 users to consider upgrading their machines.

AppWizard

April 11, 2025

Malay Mail’s Top 10 Picks: ‘A Minecraft Movie’ tops local box office, ends ‘Ne Zha 2’s’ weeks-long reign

Kuala Lumpur's entertainment industry is seeing an increase in video game adaptations, with the Minecraft Movie recently becoming the ninth-highest-grossing video game adaptation and taking the top spot at the local box office, ending Ne Zha 2's reign. Current top films in local cinemas include A Minecraft Movie, Ne Zha 2, and Pabrik Gula, among others. On streaming platforms, Netflix's top shows include Weak Hero: Class 1 and Karma: Season 1, while Viu features Bidaah and Undercover High School. Spotify's top songs for the week include tracks by JENNIE and Billie Eilish, and the top Malay songs feature Ara Johari and Nadeera. The latest bestsellers in fiction include Lyrics & You by Nuruljannah Usop and A Little Life by Hanya Yanagihara, while non-fiction bestsellers include Atomic Habits by James Clear and Surrounded by Idiots by Thomas Erikson.

Winsage

April 8, 2025

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

April 2025 Patch Tuesday introduced fixes for over 120 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS), allowing privilege escalation to SYSTEM on compromised Windows machines. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. Updates for Windows 10 are not yet available. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, both unauthenticated user-after-free vulnerabilities in Windows LDAP, and CVE-2025-27480 and CVE-2025-27482 in Windows Remote Desktop Services. None of these vulnerabilities have been patched for Windows 10 systems, but updates are forthcoming. Microsoft reversed its decision to discontinue driver update synchronization to WSUS servers, confirming that WSUS will continue to synchronize driver updates.

Winsage

April 3, 2025

Microsoft Warns 240 Million Windows Users—Stop Using Your PC

Microsoft's support for Windows 10 will end on October 14, prompting the company to advise users with ineligible PCs—estimated to be as high as 240 million—to recycle their devices and upgrade to Windows 11. Microsoft warns that unsupported devices will be vulnerable to data breaches and cyber threats without security updates. There has been an increase in upgrades to Windows 11 as the deadline approaches, but options for those unable to upgrade are limited. Microsoft encourages responsible recycling and offers trade-in programs, though these may not provide significant financial returns. Users can also consider paid extended support for an additional 12 months.

Tech Optimizer

March 19, 2025

Apple releases emergency security update for serious vulnerability

A security vulnerability identified as CVE-2025-24201 affects Apple devices, specifically those using WebKit, and can expose personal information to attackers. This vulnerability has been exploited in targeted attacks against users of older iOS versions prior to 17.2. Apple has released emergency patches through iOS 18.3.2 and iPadOS 18.3.2 to address this issue. The affected devices include iPhone XS and later models, as well as various iPad models from the 7th generation and later. Users are advised to update their devices immediately to mitigate risks.

Winsage

March 18, 2025

You Can Get Microsoft Office 2021 for Mac for Just $80 Right Now

Microsoft Office Home & Business 2021 for Mac is available for a one-time purchase of .95, which is a 63% discount from its standard price of 9.99. This software is compatible with macOS Ventura (version 13) or later and includes applications such as Word, Excel, PowerPoint, Outlook, and OneNote. The offer ends on March 30, and the license allows installation on a single Mac linked to a Microsoft account. Users need a minimum of 4GB of RAM and 10GB of free storage, and the software can be used without an internet connection. The code must be redeemed within seven days of purchase. This version does not include AI features or OneDrive cloud storage, and there will be no feature updates beyond security fixes.

AppWizard

February 25, 2025

Popular Android financial help app is actually dangerous malware

Cybersecurity researchers discovered a predatory loan application called SpyLoan on the Google Play Store, which targeted Indian consumers and achieved around 100,000 downloads before being removed. The app presented itself as a financial management tool but required extensive permissions, accessing sensitive user information. User reviews indicated experiences of blackmail and low loan amounts. SpyLoan falsely claimed affiliation with a registered non-banking financial company and redirected users to download a separate loan application from an external site, circumventing some Google safeguards. Google confirmed the app's removal and stated that Android devices are protected against known malware through Google Play Protect.

Tech Optimizer

February 25, 2025

Avast to pay $16.5 million to antivirus software users: How to claim, deadline, and other details

Avast has reached a settlement with the FTC, agreeing to pay .5 million to users due to allegations of misleading privacy claims while collecting and selling user data through its subsidiary, Jumpshot. Approximately 3,690,813 consumers who purchased Avast's antivirus software between August 2014 and January 2020 are eligible for compensation. Eligible consumers must file claims by June 5, 2025, and refunds are expected to be processed by mail in 2026. Payments will vary based on the number of claims submitted.

Winsage

February 23, 2025

12 Settings You Should Immediately Change On Your New Windows Laptop

Windows 11 introduces new features and settings that may require adjustments for user preferences. 1. To clean up the lock screen, go to Settings > Personalization > Lock Screen and set "Lock screen status" to "None" or select a relevant widget. Uncheck "Get fun facts, tips, tricks, and more on your lock screen" for a minimalist appearance. 2. To move the Start menu back to the left, navigate to Settings > Personalization > Taskbar and change the alignment to "Left." You can also customize pinned apps in the Start menu. 3. To trim down notifications, visit Settings > System > Notifications and disable unnecessary notifications or set up Do Not Disturb. 4. To disable the advertising ID, go to Settings > Privacy & Security > General and turn off "Let apps show me personalized ads by using my advertising ID." Also, disable "Show me suggested content in the settings app." 5. To reduce Windows location permissions, go to Settings > Privacy & Security > Location and disable permissions for specific apps. 6. To disable inking and typing personalization, navigate to Settings > Privacy & Security > Inking and Typing Personalization and toggle it to "Off." Consider disabling "Online speech recognition" under Privacy & Security > Speech. 7. To turn off diagnostic and feedback settings, go to Settings > Privacy & Security > Diagnostics & feedback and turn off "Send optional diagnostic data." 8. To disable delivery optimization, navigate to Settings > Windows Update > Advanced options > Delivery optimization and set "Allow downloads from other PCs" to "Devices on my local network." 9. To disable Copilot, go to Settings > Personalization > Taskbar and toggle off Copilot or uninstall it via Apps > Installed Apps. 10. To disable Recall, navigate to Settings > Privacy & Security > Recall & Snapshots and turn off the "Save snapshots" toggle. 11. To remove unwanted apps, use tools like Geek Uninstaller or Revo Uninstaller to thoroughly uninstall applications and clean up leftover files. 12. PowerToys, a collection of utilities from Microsoft, can enhance productivity and can be downloaded from GitHub or the Microsoft Store. Disable any unused utilities after installation to conserve resources.