network Archives

Tech Optimizer

May 23, 2025

Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection

The AhnLab Security Intelligence Center (ASEC) has identified a new strain of backdoor malware that works with a Monero coin miner, utilizing the PyBitmessage library for covert P2P communications. This malware uses encryption to secure data exchanges and anonymize identities, complicating detection by security tools. It decrypts resources using XOR operations to deploy a Monero miner and a backdoor component. The Monero miner exploits the cryptocurrency's anonymity, while the backdoor, created with PowerShell, installs PyBitmessage and retrieves files from GitHub or a Russian file-sharing platform. Commands are executed as PowerShell scripts, making detection difficult. The malware may be distributed as legitimate software or cracked files. ASEC advises caution with unverified files and recommends keeping security solutions updated. Indicators of Compromise (IOCs): - MD5: 17909a3f757b4b31ab6cd91b3117ec50 - MD5: 29d43ebc516dd66f2151da9472959890 - MD5: 36235f722c0f3c71b25bcd9f98b7e7f0 - MD5: 498c89a2c40a42138da00c987cf89388 - MD5: 604b3c0c3ce5e6bd5900ceca07d587b9 - URLs: - http://krb.miner.rocks:4444/ - http://krb.sberex.com:3333/ - http://pool.karbowanec.com:3333/ - http://pool.supportxmr.com:3333/ - https://spac1.com/files/view/bitmessage-6-3-2-80507747/

AppWizard

May 23, 2025

This Is The Best Crypto Mining App For Android In 2025

BlockDAG X1 is a mobile-first crypto mining app for Android that allows users to mine up to 20 BDAG coins daily using a Proof-of-Engagement (PoE) algorithm, which minimizes battery usage. The app has a size of 50 MB and is designed for easy download and use without requiring technical expertise. It has a community of over 200,000 active miners and a presale that has raised over 8 million. Key features include energy efficiency, rigorous security measures, ecosystem integration, and a user-friendly interface. BlockDAG X1 has received mixed reviews, with some users praising its community and growth potential while others express skepticism about its quality and presale model. As of 2025, the app has undergone significant updates, with over 19.3 billion coins sold and anticipated exchange listings. Users are advised to conduct thorough research and be cautious of market volatility and potential scams in cryptocurrency mining.

Winsage

May 22, 2025

Microsoft says Lumma password stealer malware found on 394,000 Windows PCs

Microsoft, in collaboration with law enforcement, has taken legal action against the Lumma malware operation, which has affected over 394,000 Windows PCs globally, particularly in Brazil, Europe, and the United States. A federal court authorized the seizure of 2,300 domains used as command and control servers for Lumma, and the Justice Department confiscated five additional domains related to its infrastructure. Lumma is primarily spread through questionable games or cracked applications and extracts sensitive information such as logins, passwords, credit card details, and cryptocurrency wallets, which is then sold to other cybercriminals. Lumma also facilitates the deployment of additional malware, including ransomware, and has been linked to significant cyberattacks on major tech companies like PowerSchool and Snowflake, resulting in substantial data theft.

Winsage

May 22, 2025

BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover

The dMSA account in Active Directory manages service accounts with enhanced security and automation. Key attributes include msDS-DelegatedMSAState, which indicates the migration status (unknown, in progress, or completed), and msDS-ManagedAccountPrecededByLink, which identifies the superseded account. The msDS-GroupMSAMembership attribute specifies authorized principals for authentication as the dMSA account. After migration, systems using the old service account receive a notification from the Domain Controller that the previous account is disabled, along with a KERB-SUPERSEDED-BY-USER field pointing to the new dMSA. The Key Distribution Center (KDC) within the Kerberos protocol validates user identities and grants access based on permissions, ensuring secure network resource access.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

AppWizard

May 21, 2025

TSplus Releases Remote Support Android V4: Smarter, Broader, and Now Compatible with Android TV

TSplus has released version 4 of its Remote Support app for Android, which now fully supports Android TVs. This update enhances compatibility, performance, and usability, expanding device support to over 22,720 models, including both arm32 and x86 architectures. The app allows for innovative applications in various settings, such as home, retail, public transport, and events. Key features include Viewer mode for assisting others and casting presentations, and Sharer mode for secure screen sharing with remote technicians. The update also improves navigation for Android TV and optimizes network usage. Users can download the latest version from the Google Play Store.

Tech Optimizer

May 21, 2025

Achieve up to 1.7 times higher write throughput and 1.38 times better price performance with Amazon Aurora PostgreSQL on AWS Graviton4-based R8g instances

Upgrading to Graviton4-based R8g instances with Aurora PostgreSQL-Compatible 17.4 in an Aurora I/O-Optimized cluster configuration results in significant performance improvements. The new instances provide up to 1.7 times higher write throughput, 1.38 times better price-performance, and reduce commit latency by up to 46% on r8g.16xlarge instances and 38% on r8g.2xlarge instances compared to Graviton2-based R6g instances. The Amazon Aurora PostgreSQL-Compatible Edition now supports AWS Graviton4-based R8g instances and PostgreSQL 17.4, which introduces performance enhancements for I/O-Optimized configurations, optimizing write operations and batch processing. R8g instances offer up to 192 vCPUs and 1.5 TB of memory, supporting larger configurations and providing up to 50 Gbps of network bandwidth. PostgreSQL 17 includes vacuum improvements, eliminates the need to drop logical replication slots during upgrades, and expands SQL/JSON standards. Aurora PostgreSQL-Compatible separates compute from storage, enabling independent scaling and maintaining six-way replication for durability, while processing changes as log records to reduce I/O operations. Performance benchmarks using HammerDB show improvements in throughput and commit latency across various workloads. For small workloads on 2xlarge instance size, throughput increased by 50.25% and commit latency improved by 33.87%. For medium workloads on 16xlarge instance size, throughput increased by 30% and commit latency improved by 17.44%. The most significant performance benefits arise from combining hardware upgrades from Graviton2 to Graviton4 with database engine upgrades from PostgreSQL 15.10 to 17.4. For small workloads, throughput increased by 70% and commit latency improved by 38.71%. For medium workloads, throughput increased by 70% and commit latency improved by 46.67%. Cost efficiency is also enhanced, with a 38% improvement in price performance and a 61.26% improvement in price-performance ratio when comparing Graviton2 and Graviton4 instances. Reserved Instances for Graviton4-based R8g instances offer additional cost-optimization opportunities.

Winsage

May 21, 2025

Announcing new Microsoft Dataverse capabilities for multi-agent operations

Microsoft Dataverse is a secure and scalable platform that integrates enterprise data with agent functionalities, serving as the backbone for organizations to manage business and operational data. It powers Microsoft Copilot Studio, enabling developers to create agents that execute adaptive tasks while ensuring human oversight. Key features include AI-powered search, prompt columns for embedding generative AI, and the Dataverse Model Context Protocol (MCP) server, which transforms structured data into interactive knowledge for agents. The MCP server offers capabilities such as querying data, engaging with knowledge sources, creating/updating records, and executing custom prompts. Dataverse knowledge is integrated into Copilot Studio, connecting structured and unstructured data from various sources to create a unified knowledge network. Data in Dataverse is pre-indexed for near-real-time analytics, and integration with Microsoft Fabric allows for easy exploration of this data. Dynamics 365 data is now accessible within Microsoft 365 Copilot, streamlining workflows. New knowledge sources and connectors have been introduced, including Snowflake, SAP, and Confluence, enhancing agent capabilities. The Power Platform connector SDK simplifies the integration of external structured data into Power Apps and Dataverse. A centralized Tools hub in Copilot Studio allows for the management of reusable functionalities across agents. Additionally, three new managed agents are available in preview, designed to automate document workflows, generate executive briefs, and process inbound leads, facilitating quick implementation and scalability for organizations.

AppWizard

May 21, 2025

Android 16 QPR1 Beta 1 starts rolling out with Material 3 Expressive

Google has begun the rollout of Android 16's first Beta, known as Android 16 QPR1 (BP31.250502.008), for enrolled users of the Pixel 6 series and newer devices, including Pixel tablets. This update features the new Material 3 Expressive UI, which enhances user experience with a focus on color, shape, size, motion, and containment. Notable features include Gemini's live notifications, improved screen recording, and a redesigned Settings app with color-coded icons. The update also includes bug fixes, performance optimizations, and August 2025 security patches. Users who have previously enrolled in the Android 16 Beta will receive this update automatically.

AppWizard

May 20, 2025

Best Android Security Apps for Enterprise and Personal Use

Android holds a 71.65% market share as the leading mobile operating system. In 2025, users face sophisticated cyber threats such as ransomware and phishing scams. Android Enterprise provides a multi-layered defense system validated by the U.S. Department of Defense, featuring AI-driven threat detection that blocks 99.8% of malware through 100,000 daily app scans. It supports three device management models: Fully Managed Devices (COBO), Work Profiles (BYOD), and Dedicated Kiosk Mode. Recent enhancements include automated security patch deployment and hardware-backed key attestation. Leading Mobile Device Management (MDM) solutions include TinyMDM, which offers real-time location tracking and remote device wiping, and integrates with Microsoft Intune for conditional access. Harmony Mobile combines app reputation scanning with network-level phishing prevention. Emerging trends in enterprise security include AI-powered anomaly detection, with 42% of enterprises adopting Zero Trust principles, and rugged device management optimized for industrial environments. For personal protection, Bitdefender Mobile Security leads AV-Test rankings, Kaspersky Premium blocks 5.6 million malware attacks monthly, and Norton 360 Deluxe includes biometric app locking. Privacy tools like ExpressVPN and DuckDuckGo Privacy Browser enhance user security. Google's Project Zero reports a 35% decline in critical Android vulnerabilities, attributed to improved patch adoption. The convergence of enterprise and personal security solutions is emphasized, with a focus on AI/ML integration for enterprises and comprehensive protection suites for individuals.