operations Archives

Winsage

August 28, 2025

Hackers Abuse Microsoft Teams to Gain Remote Access With PowerShell-based Malware

Cybercriminals are increasingly targeting Microsoft Teams to deploy malware and gain control over victim systems, shifting from traditional email phishing attacks. They impersonate IT support staff in Teams chats to deceive employees into granting remote access. Attackers use newly created or compromised accounts with names like “IT SUPPORT

” to appear legitimate. They establish trust and persuade employees to install remote access software, allowing direct access to corporate networks. Recent incidents involve malware loaders like DarkGate and Matanbuchus, with attackers executing PowerShell commands to download malicious payloads designed for credential theft and remote code execution. The malware can designate its process as “critical” to evade detection and trick users into entering passwords through a legitimate-looking prompt. Analysis links these campaigns to the financially motivated threat actor known as Water Gamayun. Employees must be trained to verify unsolicited requests for credentials or software installations through separate communication channels.

AppWizard

August 28, 2025

Thunderful shareholders agree to Atari majority ownership

Shareholders of Thunderful Group approved Atari's acquisition of an 81.7 percent stake in the company, facilitated by the issuance of 333,333,334 new ordinary shares for a total investment of SEK 50 million (approximately .3 million). Atari's COO Geoffroy Châteauvieux and CTO Andreas Deptolla will join Thunderful's board following this acquisition. Atari has also acquired five game intellectual properties from Ubisoft, including Transport Tycoon and Surgeon Simulator. Thunderful has faced challenges leading to layoffs and the sale of its distribution network and subsidiaries, Headup and Jumpship, to stabilize its finances.

AppWizard

August 27, 2025

Rec Room lays off “roughly half” its staff

Studio Rec Room has laid off approximately half of its development team due to its current financial trajectory. The company is shifting its focus to its PC and VR editions, which have shown the highest user engagement. In December 2021, Rec Room raised million in funding, achieving a valuation of .5 billion. Chief Creative Officer Cameron Brown acknowledged that past strategies did not align with the needs of the team or players. Brown expressed regret over the layoffs and highlighted the talent of those affected, encouraging industry peers to consider them for future opportunities. The restructuring aims to help Rec Room pursue a more sustainable path in the gaming industry.

Tech Optimizer

August 27, 2025

AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race

Ransomware is being enhanced by artificial intelligence, with cybercriminals using generative AI tools to create sophisticated malware. A notable example is PromptLock, identified as the first fully AI-driven ransomware, discovered on August 27, 2025. It utilizes OpenAI’s gpt-oss-20b model to dynamically generate malicious code, complicating detection efforts. ESET's analysis indicates that PromptLock processes operations locally on the victim's device, minimizing external communications and reducing its digital footprint. The first half of 2025 saw a 70% increase in ransomware victims, largely due to AI-enhanced phishing campaigns. Akamai Technologies reported a 37% increase in ransomware incidents in 2024, fueled by generative AI. Governments are beginning to respond with regulations for quicker breach disclosures, and cybersecurity experts emphasize the need for continuous monitoring and adaptive defenses.

Winsage

August 26, 2025

5 “just-enough” open-source apps I install on every fresh Windows setup

A fresh installation of Windows provides a clean slate, but soon requires essential tools for tasks like file extraction, text editing, audio recording, and screen capturing. The following open-source tools are recommended: - 7-Zip: A lightweight file compression tool that supports various formats (.zip, .rar, .tar, .7z, .iso) and integrates into the right-click context menu. It is free and maintained by a community. - OBS Studio: An open-source software for gamers and content creators that excels in livestreaming and game recording, featuring customizable recording parameters and a replay buffer. - Audacity: A long-standing open-source audio editing software that is lightweight yet feature-rich, ideal for straightforward audio editing tasks and supports built-in effects and plugins. - Notepad++: An enhanced text editor that supports multiple programming languages and syntax highlighting, making it suitable for editing configuration files, with lightweight nature and plugin support. - ShareX: An open-source screenshot tool that offers advanced features and customizable workflows, improving upon the Snipping Tool for seamless screenshot management. The author values these tools for being free, open-source, and reliable, often preferring them over proprietary software.

AppWizard

August 26, 2025

Google Will Verify Android App Developers Outside Play Store

Google will implement a comprehensive identity verification system for all app developers on its Android platform starting next year. This system aims to enhance security by ensuring all developers are identifiable, thus reducing risks associated with malware. The verification will apply to all applications, including those distributed outside the Google Play Store, but developers can still use alternative channels. Google will retain developer data for accountability. An internal survey indicated that 50 times more malware comes from sources outside the Play Store. The verification system will have early access in October this year, with a full rollout scheduled for March 2026 and a phased implementation beginning in September 2026 in select countries. Developers will need to submit their official names, addresses, emails, and phone numbers as part of the process.

Tech Optimizer

August 26, 2025

How we loaded a petabyte into PostgreSQL before New Year — and what happened next

A team decided to test PostgreSQL's capabilities with a one-petabyte database, setting a challenge for December 10, with a report due by January 20. They initially sought cloud storage but found no provider could meet their requirement for a single chunk of storage, leading them to rent physical servers. They used Shardman, a distributed database engine, to manage the database across seven servers. They employed the YCSB benchmark for performance testing and faced various challenges, including data loading issues and hardware problems. By January 15, they reached 863 terabytes of data generation, falling short of their petabyte goal, and documented their findings for future reference.

Tech Optimizer

August 26, 2025

Instacart Consolidates Search Infrastructure on Postgresql, Phasing Out Elasticsearch

Instacart has replaced Elasticsearch with PostgreSQL for its search infrastructure, integrating keyword and embedding-based retrieval into a single system. This change aims to streamline operations, reduce synchronization issues, and improve search result precision and recall. The new design enhances result retrieval by combining traditional keyword searches with semantic retrieval, allowing for both specific and broader queries. The migration has increased development speed, improved inventory management, and enabled real-time updates for users. Ankit Mittal, an engineer at Instacart, reported a 10x reduction in write workload and nearly 80% savings on storage and indexing costs due to a normalized data model. The previous dual-database setup caused synchronization issues and higher operational costs. The new architecture uses sharded PostgreSQL instances with a normalized data model, allowing for horizontal scaling and efficient text matching through GIN indexes and a modified ts_rank function. PostgreSQL extensions like pg_trgm and pgvector facilitate both keyword and semantic search, ensuring efficient query routing and rapid result retrieval.

Tech Optimizer

August 25, 2025

Linux Foundation says yes to NoSQL via DocumentDB

The Linux Foundation has welcomed Microsoft's DocumentDB as an open-source project under the MIT license, marking a shift in document databases. This move responds to MongoDB's licensing changes in 2018, which introduced the Server Side Public License (SSPL), raising concerns among developers about cloud services and competition. Many companies have shifted to more restrictive licenses to protect innovations from larger cloud providers, but such licenses have not gained widespread acceptance. Microsoft developed DocumentDB in 2024 with PostgreSQL extensions to support BSON data models and MongoDB-compatible operations, aiming to bridge relational and non-relational databases. DocumentDB's MIT license allows users to fork, use, and distribute the software freely. The project emerged in response to MongoDB's practices, and initiatives like FerretDB advocate for standardized query languages across document databases. Microsoft's commitment to DocumentDB reflects a trend towards transparency and collaboration in the industry.

Tech Optimizer

August 25, 2025

New Android Spyware Masquerading as Antivirus Targets Business Executives

Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware named Android.Backdoor.916.origin, which has been evolving since January 2025. This spyware primarily targets Russian businesses through focused attacks, disseminated via private messages as a fake antivirus application called “GuardCB.” The app's icon resembles the Central Bank of the Russian Federation's emblem and is presented in Russian. Variants of the malware include names like “SECURITY_FSB” and “FSB,” falsely claiming to be security tools linked to Russian law enforcement. Upon execution, the malware simulates an antivirus scan, requesting extensive system permissions for surveillance and data exfiltration, including access to geolocation, audio recording, SMS, contacts, call logs, media files, and camera functions. It establishes connections to command-and-control servers, allowing attackers to send and receive sensitive data, initiate audio and video feeds, and execute commands. The malware employs keylogger functionality to intercept keystrokes and monitor specific applications for content theft. Doctor Web has notified domain registrars to disrupt the malware's infrastructure and confirms that all known variants are detected and neutralized by their antivirus solutions. Organizations are advised to enforce strict APK sideloading policies and verify app authenticity to counter such threats.