network Archives

Winsage

May 10, 2025

Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network

Threat actors are exploiting Windows Remote Management (WinRM) to navigate through Active Directory environments stealthily, allowing them to bypass detection systems, escalate privileges, and deploy malicious payloads. WinRM operates on HTTP port 5985 and HTTPS port 5986, enabling remote command execution and management tasks. Attackers can gain access through compromised credentials and use WinRM-enabled PowerShell commands for reconnaissance, deploying payloads while evading detection. The attack chain includes initial access, reconnaissance, payload deployment, persistence, and lateral movement, often utilizing techniques that obfuscate malicious activities. Detecting such attacks is challenging due to the use of built-in Windows functionalities and encrypted channels. Recommended mitigation strategies include monitoring for unusual activity, restricting WinRM access, enforcing credential hygiene, and implementing advanced monitoring solutions.

Tech Optimizer

May 9, 2025

Does Antivirus Software Collect Your Data

Antivirus software collects various types of data to protect systems, including system details (operating system version, RAM, CPU type, computer name), network data (local and external IP addresses, DNS server, network name), user data (Windows username, time zone, language, general location), browsing history (if web protection features are enabled), and file-related information (file names, locations, hashes, and sometimes entire files). The AV-Comparatives report indicates that while some antivirus companies manage data responsibly (e.g., F-Secure, G Data, K7), others (e.g., Norton, Panda, McAfee) have been criticized for poor practices. Data sharing can enhance malware detection but poses privacy risks, as seen in AVG's past actions of selling user browsing history. Users can limit data collection by adjusting settings, reviewing installation agreements, avoiding free antivirus software, choosing privacy-conscious vendors (like F-Secure, ESET, G Data), and reading privacy policies. Despite concerns about data collection, antivirus software is essential for protection against cyber threats, and selecting a transparent provider can help safeguard privacy.

Winsage

May 8, 2025

How to Recover Permanently Deleted Files on Windows 10/11 with/without Backup

Data loss can occur due to human error, software malfunctions, hardware failures, system crashes, and issues with cloud storage services. Immediate recovery methods include restoring files from the Recycle Bin, using the Undo Delete feature, and utilizing the File History feature. For recovery with a backup, methods include restoring files via Google Drive and using the Windows Backup & Restore feature. For permanently deleted files without a backup, options include using free data recovery software and the Windows built-in app. Tips to prevent file deletion include enabling the Recycle Bin and File History, using cloud storage for backups, double-checking before deletion, considering third-party backup tools, and safeguarding against malware.

AppWizard

May 8, 2025

Props for the honesty: Tim Sweeney says the reason ‘people characterize the Epic Games launcher as clunky’ is—wait for it—’because the Epic Games launcher is clunky’

Tim Sweeney, CEO of Epic Games, described the Epic Games Store launcher as "clunky" and acknowledged that many users find it slow and cumbersome compared to Steam. The Epic launcher received a score of 41% in a recent evaluation, ranking behind competitors like the Microsoft Store and EA, and significantly trailing Steam and GOG Galaxy. Performance issues vary based on a user's proximity to a content delivery network and the size of their game library, with slower internet connections exacerbating loading frustrations. Sweeney believes the Epic launcher should incorporate convenient features from Steam while maintaining its unique advantages. He emphasized the importance of connecting players across platforms and criticized Valve for not allowing cross-platform functionality with Steamworks. Sweeney also addressed negative backlash against developers using Epic Online Services, citing harassment related to crossplay features. Users seeking alternatives to the Epic launcher can consider GOG Galaxy or Heroic, which are noted for better functionality.

Winsage

May 7, 2025

Play ransomware exploited Windows logging flaw in zero-day attacks

The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, to execute zero-day attacks, gaining SYSTEM privileges and deploying malware. Microsoft recognized this flaw and issued a patch during last month's Patch Tuesday. The gang targeted sectors including IT and real estate in the U.S., the financial sector in Venezuela, a Spanish software company, and retail in Saudi Arabia. They used the PipeMagic backdoor malware to deploy the CVE-2025-29824 exploit and install ransomware payloads. Symantec's Threat Hunter Team linked these activities to the Play ransomware-as-a-service operation, noting the use of the Grixba infostealer tool. The Play ransomware group, active since at least June 2022, employs double-extortion tactics and has compromised approximately 300 organizations globally as of October 2023. Notable victims include Rackspace, Arnold Clark, the City of Oakland, Dallas County, Antwerp, and Microchip Technology.

Winsage

May 7, 2025

Microsoft moved the goalposts before. Could it happen again?

Retired Microsoft engineer Dave Plummer has expressed concerns about the hardware requirements for Windows 11, questioning whether they are genuinely for security or a sales strategy. He noted that many PCs excluded from compatibility due to the lack of TPM 2.0 or modern CPUs are not necessarily old or underpowered. Plummer highlighted that Microsoft's history of discontinuing support for older operating systems, like Windows XP and 7, was typically based on security and compatibility challenges. He warned that future versions of Windows could impose even stricter hardware demands, potentially leaving many functional PCs unable to upgrade. Additionally, he pointed out the ambiguity behind Microsoft's refusal to allow users to opt out of security enhancements if they lack the necessary hardware, raising concerns about potential e-waste. Many users are hesitant to transition to Windows 11, and while hardware compatibility is a factor, it is part of a broader decision-making process. Microsoft’s shift towards a subscription model and the introduction of new hardware requirements suggest a significant evolution in Windows.

Winsage

May 6, 2025

My week with Linux: I’m dumping Windows for Ubuntu to see how it goes

BitLocker encryption is enabled by default on most Windows 11 systems, which can hinder the installation of Ubuntu. To proceed with the installation, BitLocker was temporarily disabled through the Control Panel. A bootable USB drive for Ubuntu was created using Rufus with an SK hynix Tube drive. The Ubuntu 25.04 ISO file, known as "Plucky Puffin," was downloaded at 5.8GB in about a minute. The decision was made to install Ubuntu 25.04 instead of the more stable Ubuntu 24.04 LTS due to a desire for the latest features. The installation was planned for both a ThinkPad X1 Carbon and a custom-built desktop with an AMD Ryzen 9 7950X CPU.

Tech Optimizer

May 6, 2025

Databricks reportedly could acquire serverless database startup Neon for $1B+

Databricks Inc. is in advanced discussions to acquire Neon Inc., a startup specializing in a commercial version of the open-source PostgreSQL database, with the deal anticipated to exceed billion. Neon, based in San Francisco, has raised over 0 million in funding, including contributions from Microsoft's M12 fund. Neon’s PostgreSQL distribution features a serverless architecture that dynamically adjusts hardware resources based on workload demands, allowing for separate provisioning of storage and processing power. It also includes an innovative connection pooling feature to minimize resource drain when establishing network connections. Neon enhances its offering with a cybersecurity tool for granular user access control and the ability to revert databases to previous states in case of data loss. Databricks' interest in Neon may be linked to its suitability for AI applications, as it supports vector storage and can provision new database instances in as little as one second. Databricks has been actively pursuing acquisitions to enhance its AI capabilities, including recent purchases of Fennel AI Inc., Lilac AI Inc., and MosaicML Inc.

Winsage

May 6, 2025

This is what I’m doing with my old Windows 10 PC instead of trading it in like Microsoft wants me to

Numerous alternatives exist for extending the life of a Windows 10 PC instead of discarding it. 1. Installing Linux Mint can provide a user-friendly transition to a different operating system, allowing old hardware to remain functional. 2. Transforming the PC into a Network Attached Storage (NAS) device by installing an operating system like TrueNAS Scale can repurpose the hardware for file storage across a network. 3. There are emerging third-party support options that may offer security patches for Windows 10 after Microsoft ends its support, allowing users to continue using the operating system. Repurposing older technology promotes sustainability and offers new experiences.

Tech Optimizer

May 5, 2025

Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses

X Business, an e-commerce store specializing in handmade home décor, experienced a cybersecurity incident involving a malware strain called Chimera. The attack began during a routine update to their inventory management system and escalated within 12 hours, resulting in halted customer orders, locked employee accounts, and a crashed website. The attackers demanded a ransom of 0,000 in cryptocurrency, threatening to expose sensitive customer data. Chimera is an AI-driven malware that adapts its code to evade detection, targeting both Windows and macOS systems. It exploited a zero-day vulnerability in Windows' Print Spooler service and bypassed macOS security measures by forging code signatures. The malware used social engineering tactics to deceive employees into activating malicious payloads, leading to compromised systems and encrypted customer data. The recovery process took 48 hours, utilizing cybersecurity tools like CrowdStrike Falcon and SentinelOne Singularity to identify and isolate the malware. Data restoration was achieved through Acronis Cyber Protect and macOS Time Machine, while vulnerabilities were addressed with Qualys and emergency patch deployment via WSUS. The network security framework was improved using Cisco Umbrella and Zscaler Private Access to implement a Zero Trust architecture. The incident highlights the need for small enterprises to adopt proactive cybersecurity strategies, including a 3-2-1 backup approach, Zero Trust models, investment in AI-driven defense tools, and employee training to recognize social engineering attempts.