multifactor authentication Archives

Winsage

November 22, 2025

Data Doctors: Beware fake Windows Defender alerts

Microsoft's Windows Defender has vulnerabilities that can be exploited by cybercriminals, including a method to remotely disable it using a trusted Windows driver. There has been an increase in counterfeit "Windows Defender" pop-ups that prompt users to call a phone number, connecting them to scammers. These pop-ups do not originate from Microsoft and are often triggered by compromised websites or malicious ads. Scammers use these alerts to gain remote access to victims' computers under the pretense of fixing non-existent issues, often charging for fraudulent services or installing malware. Windows Defender struggles against advanced threats, lacks deeper monitoring capabilities, and is a prime target for attackers due to its widespread use. A multi-faceted security approach, including third-party solutions like Trend Micro, is recommended to address these gaps and enhance protection. Additionally, maintaining smart security habits, such as updating software and using strong passwords, is crucial for overall system security.

AppWizard

October 30, 2025

Google eases U.S. Android app billing and distribution rules

Google is implementing changes to Android app distribution and billing in the U.S. following a federal court injunction related to the Epic Games antitrust case. This allows Android users to see links within apps directing them to external websites, alternative app stores, or merchant purchase pages, enabling various payment methods beyond Google Play Billing, such as credit cards, PayPal, and direct merchant checkouts. Developers can now promote their own stores and route transactions through any payment processor, potentially offering lower prices or promotional offers. This policy shift applies only to U.S. app users, with existing policies remaining in place for other regions. Historically, Play Store fees were as high as 30%, but the new ability to transact outside the Play Store may lead to cost savings for consumers and increased investment in user acquisition and content development by companies. Developers are expected to experiment with pricing strategies, including web-only introductory rates and loyalty discounts. Google must now compete for developer loyalty based on service quality rather than just platform policies. User trust and safety remain priorities for Google, which will continue to enforce measures to deter scams and harmful applications. Developers will need to implement secure transaction flows and recognizable domains to maintain user confidence. Key questions for the future of the U.S. Android app ecosystem include whether consumer prices will decrease, if major brands will adopt external checkout strategies, and how Google will enhance discovery and compliance tools for developers.

Tech Optimizer

October 9, 2025

Business security worries during the move to Windows 11?

Windows 11 will replace Windows 10 on October 14th and is designed with enhanced security features, making it the most secure operating system to date. It requires a motherboard and CPU that support Secure Boot to protect against malicious code during startup. The operating system integrates artificial intelligence within its Windows Security suite for improved threat detection and data protection. Key components include Microsoft Defender Antivirus, which offers real-time alerts and a centralized command center, and Windows Defender SmartScreen, which analyzes potential threats from websites and downloads. Additional security features include Windows Firewall, Bluetooth Protection, Secure Wi-Fi, and enhanced VPN functionality. Windows 11 also focuses on identity security with biometric access through Windows Hello and multifactor authentication via Microsoft Authenticator. The operating system is linked to Microsoft Accounts for centralized data management and includes a Find My Device feature for locating or locking stolen PCs. RCT Cloud is a recommended vendor for assistance with the Windows 11 upgrade, providing Microsoft licenses and support.

AppWizard

October 2, 2025

ESET Research discovers new spyware posing as messaging apps targeting users in the UAE

ESET Research has identified two new families of Android spyware: Android/Spy.ProSpy and Android/Spy.ToSpy. These malware campaigns target users of secure communication apps, specifically Signal and ToTok, and are distributed through deceptive websites and social engineering, primarily focusing on residents of the United Arab Emirates (UAE). Android/Spy.ProSpy pretends to be upgrades for the Signal and ToTok apps, while Android/Spy.ToSpy targets ToTok users exclusively. Both spyware families require manual installation from unofficial sources, as they are not available in official app stores. The ProSpy campaign was first noted in June 2025 but is believed to have been active since 2024, using misleading websites to distribute malicious APKs. ESET's findings indicate that the ToSpy campaigns are still ongoing, with command and control servers still operational. The spyware collects sensitive data, including contacts, SMS messages, and files, once installed. Users are advised to be cautious when downloading apps from unofficial sources and to avoid enabling installations from unknown origins.

Tech Optimizer

June 5, 2025

CISA releases TTPs & IoCs for Play Ransomware That Hacked 900+ Orgs

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include: - SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E - Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A - PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7 - HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549 - Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 2, 2025

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

The tech community is celebrating the first "World Passkey Day," moving away from "World Password Day," with Microsoft and other organizations committing to the Passkey Pledge to promote passkey adoption. Microsoft has developed passkeys as a secure authentication method, replacing traditional passwords and allowing access via facial recognition, fingerprints, or PINs. Over 99% of users now prefer Windows Hello for sign-ins, and hundreds of websites support passkeys, which are resistant to phishing. Last year, there were 7,000 password attacks every second, highlighting the urgency of this transition. Microsoft has introduced passkey support for consumer applications, achieving nearly a million registrations daily, with passkey sign-ins being three times more successful and eight times faster than traditional methods. New Microsoft accounts will be created without passwords by default, and the sign-in process will prioritize passwordless methods. Currently, over 15 billion user accounts can use passkeys, with a goal to transition billions more.

Winsage

April 30, 2025

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

The ability to use a revoked password for Remote Desktop Protocol (RDP) access on Windows machines linked to Microsoft or Azure accounts allows users to log in with either a dedicated password or the credentials from their online account. Even after changing the account password, the old password remains valid for RDP logins indefinitely, and in some cases, multiple previous passwords may still grant access. This behavior poses significant security risks, especially if the account has been compromised, as changing the password does not block access via RDP with the old password. The issue arises from credential caching on the local machine, where the initial login credentials are stored securely, allowing continued access without online verification.

Tech Optimizer

April 10, 2025

6 overlooked security practices I implemented at home and I regret not using sooner

- Safeguarding technology is crucial in the digital age due to potential threats from various devices. - Two-factor authentication (2FA) enhances online account security by requiring a second code sent to a phone, email, or authentication app. - Biometric verification methods and hardware authentication devices like YubiKeys can further enhance security. - Backup codes should be printed when setting up 2FA, and passkeys offer a passwordless solution for securing accounts. - Ransomware can lock users out of data until a ransom is paid, and Windows 10 and 11 have a feature called Controlled Folder Access (CFA) to protect essential folders. - Windows Security provides baseline protection for PCs, and users should regularly check for updates and conduct manual scans. - Microsoft's PC Manager utility enhances system security by offering features for storage and app management alongside virus scanning. - Securing web browsers is vital, with unique settings available in browsers like Microsoft Edge, Firefox, and Chrome to improve privacy and security. - Regularly clearing browsing history and keeping browsers updated helps mitigate risks from malware and phishing attacks. - Securing Wi-Fi routers involves changing the default admin password and SSID, using strong encryption like WPA3, and regularly updating firmware. - Custom firmware like DD-WRT or OpenWrt can enhance router security and functionality.

Winsage

March 22, 2025

How to disable the Windows Hello feature with Intune

Windows Hello allows users to authenticate in Windows using biometric data or a PIN, with enhanced features in Windows Hello for Business, including device authentication and integration with Conditional Access. It is recognized by NIST as a multifactor authentication (MFA) method, combining a device with a Trusted Platform Module (TPM) and a PIN or biometric data. However, the second factor is not portable, which may be a concern for some organizations. For those not using Windows Hello for Business, IT administrators can disable it through Microsoft Intune using two methods: by adjusting enrollment options or creating an account protection policy.