network Archives

Winsage

May 29, 2025

This is what data your Windows PC is actually sending back to Microsoft

Windows collects telemetry data, which includes hardware specifications, installed software, and system events, but does not reveal personally identifiable information. This data is encrypted and sent via HTTPS during significant events like system crashes. Users can manage optional data collection settings during initial setup or in the Privacy section of the Settings app, with enterprise versions offering more control. Mandatory data collection in Windows is more extensive than in macOS, while Linux has minimal data collection due to its decentralized structure. Users can disable some data collection, but some information will always be gathered unless advanced measures are taken.

Tech Optimizer

May 29, 2025

Sophos warns MSPs over DragonForce threat

Sophos has warned managed service providers (MSPs) about their vulnerability to ransomware attacks targeting remote monitoring and management (RMM) tools. They reported a ransomware incident involving DragonForce, where attackers accessed the SimpleHelp RMM to deploy ransomware across multiple endpoints and exfiltrate sensitive data using a double extortion strategy. An alert was triggered by a suspicious SimpleHelp installer file pushed through the MSP's legitimate RMM instance. MSPs utilizing Sophos's managed detection and response (MDR) services successfully prevented hacker access, while those without security investments were impacted by the ransomware and data exfiltration. Following the incident, the affected MSP sought help from Sophos Rapid Response for digital forensics. Mark Appleton from Also Cloud UK stressed the importance of MSPs investing in advanced exposure management tools to mitigate cyber threats, noting that endpoints are primary targets for breaches. He highlighted the significance of continuous threat exposure management as essential for MSPs to protect themselves and their clients from attacks.

AppWizard

May 28, 2025

Japanese Government Releases Free ‘Minecraft’ Map

The Japanese government has released a free Minecraft map replicating the G-Cans underground flood facility, developed by the Ministry of Land, Infrastructure, Transport and Tourism (MLIT). The G-Cans, completed in 2006, is the largest underground flood diversion system in the world, designed to manage overflow from Tokyo's waterways during heavy rainfall. The Minecraft map accurately reflects the facility's design, including five large concrete silos and a network of tunnels spanning 6.4 kilometers. It was created using actual blueprints to provide a realistic experience. The G-Cans features a water tank that is 83 feet high and can discharge up to 200 metric tons of water into the Edo River every second. The map is available on the Edogawa River Office homepage.

AppWizard

May 28, 2025

Telegram Signs $300M Deal With Elon Musk’s xAI to Integrate Grok AI Into Its Messaging App

Telegram has partnered with Elon Musk's xAI to integrate the Grok AI service into its app for one year. The agreement includes a financial component of 0 million in cash and equity from xAI, along with 50% of the revenue from xAI subscriptions sold on Telegram. Telegram is also seeking to raise .5 billion through a bond offering, supported by investors like BlackRock, Mubadala, and Citadel, to repurchase debt from a previous bond issuance in 2021. Telegram reported a profit of million on revenues of .4 billion in 2024, and the TON token, the native currency of the TON Network, rose 18.5% following the announcement.

Winsage

May 28, 2025

Microsoft wants Windows to update all software on your PC

Microsoft has introduced an update orchestration platform to improve the Windows Update infrastructure, streamlining the updating process for applications, drivers, and system components. Developers and IT teams can onboard updates using Windows Runtime (WinRT) APIs or PowerShell commands and can join the private preview by contacting unifiedorchestrator@service.microsoft.com. The platform includes an update scan tool that manages downloads and installations based on user activity, power status, and network conditions, while also handling restart requirements and notification deadlines. It is currently in private preview for developers creating apps or management tools for updates, supporting applications packaged as MSIX, APPX, or Win32 installers. The platform offers a consistent notification experience and centralized app update history within the Settings app, and it works alongside Microsoft's Winget package manager and third-party tools like Chocolatey and Scoop.

Winsage

May 28, 2025

The Windows File Explorer is still so bad when it comes to networked drives

File Explorer in Windows 11 has usability issues, particularly with sluggish search functionality and problems accessing networked drives. Users often experience drives disappearing after reboot, inaccessibility to files, and freezing of File Explorer, with error codes like c0000375 indicating deeper issues. The networked drive feature relies on outdated technology, as Microsoft has deprecated older protocols like SMBv1, complicating file sharing. Users can mitigate freezing by restarting File Explorer and ensuring network settings are correctly configured, such as setting Wi-Fi to private and enabling file sharing options. Excessive pinned items in Quick Access can cause crashes, and clearing the cache may resolve these issues. Alternatives to File Explorer, like XYplorer and File Pilot, can provide better access to networked drives. Overall, the challenges stem from outdated technology and the corruption of the Quick Access cache, with third-party solutions available for relief.

Tech Optimizer

May 27, 2025

BIOS and Bootloaders in the Crosshairs: Growing Firmware Threats

Hackers are increasingly targeting the startup sequence of systems, focusing on BIOS, UEFI, and bootloaders, which allows them to bypass traditional operating system defenses. Firmware threats often evade conventional security measures, providing attackers with a persistent foothold. Notable bootkits like BlackLotus, BootHole, and EFILock exploit vulnerabilities in boot components, even those protected by Secure Boot. Attackers can embed malicious code in firmware or replace legitimate bootloaders, maintaining control through OS reinstalls and hardware replacements. Common attack vectors include compromised storage, network connections, or console inputs during boot. Malicious code can execute before security software activates, and attackers may exploit misconfigured or outdated signature databases, as well as downgrade attacks on older firmware versions. To mitigate these threats, organizations should enforce Secure Boot policies, regularly update signature databases, and monitor boot behavior for anomalies.

Winsage

May 27, 2025

Computers running on Microsoft’s Windows 10 must be updated

Microsoft will end support for Windows 10 on October 14, meaning devices will no longer receive security updates, bug fixes, or technical support, which could lead to security vulnerabilities. At Case Western Reserve University (CWRU), many computers can be upgraded to Windows 11 without disruption, and the upgrade process is being managed by University Technology ([U]Tech). Some devices may need assessment for compatibility, and [U]Tech will contact those affected. Early planning is important to avoid disruptions, ensure budget allocation, and maintain security. Users should contact [U]Tech if they have not been reached by June 30 and provide their device information. Assistance is available through various channels, including a support form and the [U]Tech C.A.R.E. Center.

Winsage

May 25, 2025

Windows Passwords Are Under Attack — Do These 7 Things Now

Microsoft Windows is a target for cybercriminals, particularly regarding password theft. Trend Micro has reported an increase in fraudulent Captcha attacks that trick users into executing malicious commands through the Windows Run dialog, leading to data theft and malware infections. These attacks utilize PowerShell and can deploy various malware types, including Lumma Stealer and AsyncRAT. Despite efforts to disrupt the Lumma Stealer network, threats persist, exploiting legitimate platforms. Microsoft recommends users adopt safer online practices and outlines seven mitigations for organizations: disable access to the Run dialog, apply least privilege, restrict access to unapproved tools, monitor unusual behavior, harden browser configurations, enable memory protection, and invest in user education.

Winsage

May 25, 2025

The Windows Performance Monitor is one of the best built-in tools you’re not using

Performance Monitor is an advanced tool in Windows 11 that provides detailed insights into system performance, allowing users to monitor resource usage in real-time. It offers various performance counters, including battery status and network adapter performance, and supports different visualization formats like line graphs and histograms. Users can display multiple graphs simultaneously and save specific settings as an HTML file for easier analysis. Additionally, Performance Monitor can generate detailed reports based on predefined Data Collector Sets, enabling tailored data collection for critical metrics such as CPU usage and processor interrupts. Users can access Performance Monitor via the Start menu or by typing "perfmon" in the Run dialog.