
Winsage
May 8, 2025
Threat actors associated with the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows, identified as CVE-2025-29824, before a patch was released on April 8, 2025. This vulnerability affects the Windows Common Log File System (CLFS) driver, allowing attackers to elevate their privileges to full system access. The Play ransomware group targeted an unnamed organization in the United States, likely gaining initial access through a public-facing Cisco Adaptive Security Appliance (ASA). During this intrusion, no ransomware payload was deployed; instead, the attackers used a custom information-stealing tool named Grixba. Microsoft attributed this activity to the threat group Storm-2460, known for deploying PipeMagic malware. The exploitation affected various sectors, including IT, real estate in the U.S., finance in Venezuela, software in Spain, and retail in Saudi Arabia. The vulnerability received a CVSS score of 7.8 and was addressed in Microsoft's April 2025 Patch Tuesday updates. The attack involved creating files in the path C:\ProgramData\SkyPDF, injecting a DLL into the winlogon.exe process, extracting credentials from LSASS memory, creating new administrator users, and establishing persistence. The Play ransomware group has been active since June 2022 and employs double-extortion tactics. Organizations are urged to apply the security updates released on April 8, 2025, especially for vulnerable Windows versions, while Windows 11 version 24H2 is not affected due to existing security mitigations.
Winsage
May 7, 2025
The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, which has a CVSS score of 7.8 and is categorized as a "Use after free" vulnerability. This flaw allows an authorized attacker to elevate privileges locally and has been confirmed to be exploited in real-world attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog in April. Microsoft addressed this vulnerability during its April Patch Tuesday security updates, acknowledging its exploitation in limited attacks targeting various sectors in the U.S. and Saudi Arabia. Researchers from Symantec reported that the Play ransomware gang used the CVE-2025-29824 exploit in an attack against a U.S. organization before the public disclosure and patching of the vulnerability. The attackers utilized the Grixba infostealer tool and initially exploited a public-facing Cisco ASA firewall to gain entry. They deployed tools to gather information, escalated privileges using the CVE-2025-29824 exploit, and executed malicious scripts to steal credentials. The exploit took advantage of race conditions in driver memory handling, allowing kernel access and manipulation of files. Before the patch was released, the exploit was reportedly used by multiple threat actors, and Microsoft linked it to other malware.
Winsage
May 7, 2025
The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, to execute zero-day attacks, gaining SYSTEM privileges and deploying malware. Microsoft recognized this flaw and issued a patch during last month's Patch Tuesday. The gang targeted sectors including IT and real estate in the U.S., the financial sector in Venezuela, a Spanish software company, and retail in Saudi Arabia. They used the PipeMagic backdoor malware to deploy the CVE-2025-29824 exploit and install ransomware payloads. Symantec's Threat Hunter Team linked these activities to the Play ransomware-as-a-service operation, noting the use of the Grixba infostealer tool. The Play ransomware group, active since at least June 2022, employs double-extortion tactics and has compromised approximately 300 organizations globally as of October 2023. Notable victims include Rackspace, Arnold Clark, the City of Oakland, Dallas County, Antwerp, and Microchip Technology.
AppWizard
May 6, 2025
Tertill is a compact robotic weeder priced at 9 that helps busy gardeners by taking care of weeding tasks. It has sold out this season due to its popularity. The Seedtime app serves as a digital companion for gardeners, offering a free version and a premium subscription starting at approximately .55 per month. Users can input their garden details, and the app calculates optimal planting times and schedules. It allows manual input for crops not in its database and features a layout section for garden design. Recent updates include an AI-powered companion planting feature that suggests beneficial plant pairings and provides planting dates for crops not in the app's database. The app aims to streamline gardening tasks and enhance the overall gardening experience.
AppWizard
May 6, 2025
TeleMessage, an encrypted messaging application, has temporarily suspended its services following a security breach. The platform was used by dismissed national security adviser Mike Waltz during a Cabinet meeting, and a leaked image of his inbox showed conversations with notable figures such as Vice President JD Vance and Secretary of State Marco Rubio. The breach, reported by 404 Media, did not access messages among Cabinet members but compromised data from Customs and Border Protection, cryptocurrency firm Coinbase, and various financial institutions. The hacker claimed the breach was easy, completing it within 15-20 minutes. Signal, the platform from which TeleMessage archives messages, stated it cannot guarantee the security of unofficial versions. TeleMessage was acquired by U.S. company Smarsh last year for archiving communications. Following controversies, including Waltz's accidental inclusion in a group chat discussing a military operation, he was removed from his position, and President Trump expressed skepticism about using Signal for government communications.
AppWizard
May 6, 2025
TeleMessage has temporarily suspended all services due to a reported security breach, with the parent company Smarsh investigating the incident. Customs and Border Protection (CBP) has discontinued using the app as a precaution. A hacker claimed to have accessed a centralized TeleMessage server and downloaded data, including a screenshot of the contact list for employees at Coinbase; Coinbase confirmed the authenticity of the screenshot but stated that customer data remained secure. Multiple U.S. government agencies have contracts with TeleMessage or related entities. Another hacker also claimed to have breached TeleMessage, providing evidence of their claims. The investigation into the breach is ongoing, and it is unclear if sensitive communications from U.S. officials were compromised.
Tech Optimizer
May 5, 2025
VIPRE® Advanced Security received the Advanced+ award from AV-Comparatives in the March 2025 Malware Protection Test for its effectiveness against cyber threats. The test evaluated 19 security products using 10,030 malware samples on a Windows 11 system, focusing on both online and offline threats. VIPRE achieved a 98.7% detection rate in all scenarios, a 99.93% overall protection rate during execution testing, and had one of the lowest false positive counts among the products tested. VIPRE's security solutions are integrated into other Ziff Davis products, enhancing their protection capabilities. VIPRE is a subsidiary of Ziff Davis, Inc., specializing in cybersecurity solutions with over 25 years of experience.
AppWizard
May 4, 2025
Android maintains its leading position in the mobile operating system market with a diverse ecosystem of applications. A selection of 15 notable Android apps for May 2025 includes: 1. Gesture Control: Edge Seek allows users to create customizable gestures for tasks like volume adjustments and app launches. 2. Device Mirroring: Screen Copy for Android enables users to mirror and control one Android device from another. 3. Customization: Everything Widgets offers over 100 customizable widgets, while Anting Icons provides a unified icon pack. Creative App combines widgets, wallpapers, and icon packs, and Fluffy KWGT features 3D-style widgets. 4. Cross-Device Integration: Sapphira syncs Android with Windows for messaging and file sharing, while Our Quick Share extends functionality for Mac and Linux users. 5. AI Tools: Adma is a free AI image upscaler that enhances image resolution offline. 6. Gaming and Entertainment: Swick is a platform for discovering and playing mini-games. 7. Lightweight Alternatives: Notebook is an ad-free alternative to the Facebook app with a minimalistic design. 8. Rooted Device Tools: Pixel Launcher Enhanced and Android 16 Expressive Theme provide advanced customization for rooted devices. 9. Productivity and Organization: Pixel Shot organizes screenshots, and Digipause tracks time spent on video apps. 10. Utility Tools: Curome combines over 25 features, including a QR code generator and Pomodoro timer. These apps enhance functionality, creativity, and efficiency for Android users.
AppWizard
May 2, 2025
Ben Gunstone has been promoted to chief executive officer of Stainless Games, succeeding Patrick Buckland, who has led the company since 1994. Gunstone joined Stainless in 2022 as a game director and became operations director before this promotion. Buckland will transition to the role of Executive Chairman. Gunstone expressed pride in his new role and emphasized the company's commitment to creating exceptional games. Buckland, who is 62, decided to step back from the daily stresses of being CEO while still nurturing the company's legacy as the majority shareholder.