phishing attacks Archives

Winsage

May 2, 2025

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

The tech community is celebrating the first "World Passkey Day," moving away from "World Password Day," with Microsoft and other organizations committing to the Passkey Pledge to promote passkey adoption. Microsoft has developed passkeys as a secure authentication method, replacing traditional passwords and allowing access via facial recognition, fingerprints, or PINs. Over 99% of users now prefer Windows Hello for sign-ins, and hundreds of websites support passkeys, which are resistant to phishing. Last year, there were 7,000 password attacks every second, highlighting the urgency of this transition. Microsoft has introduced passkey support for consumer applications, achieving nearly a million registrations daily, with passkey sign-ins being three times more successful and eight times faster than traditional methods. New Microsoft accounts will be created without passwords by default, and the sign-in process will prioritize passwordless methods. Currently, over 15 billion user accounts can use passkeys, with a goal to transition billions more.

Winsage

May 2, 2025

Microsoft Warns Windows Users—Delete Your Password

Microsoft aims to eliminate passwords for a billion users, promoting the use of passkeys that enhance account security by linking it to physical devices. The company warns that password-related attacks are increasing and emphasizes that having both a passkey and a password leaves accounts vulnerable to phishing. On World Password Day, Microsoft encourages users to abandon passwords entirely. The FIDO Alliance supports this initiative with a "Passkey Pledge," highlighting that over 35% of individuals have faced account compromises due to password vulnerabilities. Research shows that 54% of those familiar with passkeys find them more convenient, and 53% believe they offer better security. Microsoft will make new accounts passwordless by default and encourages existing users to remove their passwords. Passkeys are described as easy to use, intuitive, and resistant to phishing. For those who continue to use passwords, Microsoft advises making them long and complex and using authentication apps for two-factor authentication.

Winsage

April 17, 2025

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A vulnerability in Windows, identified as CVE-2025-24054, is being actively exploited in phishing campaigns targeting government and private sectors. Initially addressed in Microsoft's March 2025 Patch Tuesday, it was not considered actively exploited at that time. Researchers from Check Point reported increased exploitation activities shortly after the patches were released, particularly between March 20 and 25, 2025. Some attacks were linked to the Russian state-sponsored group APT28, but definitive attribution is lacking. The vulnerability allows attackers to capture NTLM hashes through phishing emails containing manipulated .library-ms files that trigger the flaw when interacted with. Check Point noted that subsequent attacks involved .library-ms files sent directly, requiring minimal user interaction to exploit. The malicious files also included additional components that exploit older vulnerabilities related to NTLM hash leaks. The attacker-controlled SMB servers were traced to specific IP addresses. Although rated as medium severity, the potential for authentication bypass and privilege escalation makes it a significant concern, prompting recommendations for organizations to install updates and disable NTLM authentication if not necessary.

Tech Optimizer

April 10, 2025

6 overlooked security practices I implemented at home and I regret not using sooner

- Safeguarding technology is crucial in the digital age due to potential threats from various devices. - Two-factor authentication (2FA) enhances online account security by requiring a second code sent to a phone, email, or authentication app. - Biometric verification methods and hardware authentication devices like YubiKeys can further enhance security. - Backup codes should be printed when setting up 2FA, and passkeys offer a passwordless solution for securing accounts. - Ransomware can lock users out of data until a ransom is paid, and Windows 10 and 11 have a feature called Controlled Folder Access (CFA) to protect essential folders. - Windows Security provides baseline protection for PCs, and users should regularly check for updates and conduct manual scans. - Microsoft's PC Manager utility enhances system security by offering features for storage and app management alongside virus scanning. - Securing web browsers is vital, with unique settings available in browsers like Microsoft Edge, Firefox, and Chrome to improve privacy and security. - Regularly clearing browsing history and keeping browsers updated helps mitigate risks from malware and phishing attacks. - Securing Wi-Fi routers involves changing the default admin password and SSID, using strong encryption like WPA3, and regularly updating firmware. - Custom firmware like DD-WRT or OpenWrt can enhance router security and functionality.

Winsage

April 7, 2025

EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher

EncryptHub has been linked to breaches affecting 618 organizations and is associated with the disclosure of two Windows zero-day vulnerabilities, CVE-2025-24061 and CVE-2025-24071, to Microsoft. The vulnerabilities were addressed during the March 2025 Patch Tuesday updates, and the reporter was acknowledged as 'SkorikARI with SkorikARI.' Investigations revealed a connection between EncryptHub and SkorikARI, following an incident where EncryptHub exposed their credentials. SkorikARI's accounts were used to report the vulnerabilities, contributing to Windows security. Evidence linking SkorikARI to EncryptHub includes password files exfiltrated from EncryptHub's system and a GitHub account associated with SkorikARI. EncryptHub has previously attempted to market zero-day vulnerabilities on underground forums and is believed to have affiliations with ransomware groups. The threat actor has executed social engineering campaigns, phishing attacks, and developed a custom infostealer known as Fickle Stealer. They created fictitious social media profiles and websites, such as a fake project management application called GartoriSpace, which installed malicious files on unsuspecting users. EncryptHub has also been implicated in exploiting a Microsoft Management Console vulnerability, CVE-2025-26633.

Winsage

April 5, 2025

Microsoft Confirms Password Deletion For Windows Users—What You Do Now

Microsoft is transitioning away from passwords to enhance security, encouraging users to adopt passkeys. Passkeys are securely stored secrets on a user's device, unlocked through biometrics, PINs, or patterns, making them resistant to phishing and eliminating the need for complex passwords. Users can set up passkeys by signing into their Microsoft account's Advanced Security Options or Security Info, selecting a sign-in method, and following on-screen instructions. Once established, signing in is straightforward, requiring only the chosen authentication method. Microsoft is prioritizing passkeys for new accounts and refining its sign-in logic to improve efficiency, with passkeys being three times faster than traditional passwords. Passkeys can be used across devices and applications that support them, with Windows Hello facilitating authentication.

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

AppWizard

March 28, 2025

PJobRAT Android RAT as Dating & Instant Messaging Apps Attacking Military Personnel

PJobRAT is an Android Remote Access Trojan (RAT) that re-emerged in 2023 with improved capabilities and a refined targeting strategy, previously known for attacking Indian military personnel in 2021. It is now targeting users in Taiwan through social engineering tactics, disguising itself as legitimate dating and messaging apps. The malware is distributed via compromised WordPress sites hosting fake applications like “SaangalLite” and “CChat.” The infection footprint is small, indicating highly targeted attacks rather than widespread campaigns. PJobRAT retains its core functionality of exfiltrating sensitive information, including SMS messages, contacts, and media files, while enhancing command execution capabilities. Upon installation, the malicious apps request extensive permissions to operate continuously in the background. The malware uses a dual-channel communication infrastructure, with Firebase Cloud Messaging (FCM) as the primary command channel and a secondary HTTP-based channel for data exfiltration to a command-and-control server. The campaign appears to have concluded, but the evolution of PJobRAT highlights the ongoing threat of sophisticated mobile malware targeting high-value individuals.

AppWizard

March 27, 2025

Signal says it is ‘gold standard’ for encrypted messaging, despite claims of vulnerabilities

Rep. Pat Harrigan of North Carolina raised concerns about a report that the Trump administration accidentally texted a journalist about military operations in Yemen, questioning the security protocols of the administration regarding the encrypted messaging app, Signal. Signal responded by asserting that its software is "the gold standard for private, secure communications" and clarified that a reported "vulnerability" was related to phishing scams and not flaws in their technology. The company has introduced new user flows and in-app warnings to protect against phishing attacks and emphasized its open-source nature for regular audits. President Trump acknowledged the mistake, stating that a staffer mistakenly added journalist Jeffrey Goldberg to a group chat discussing a military strike against the Houthis in Yemen, which included senior officials. The incident has led to criticism, particularly from Democrats calling for resignations and congressional testimony from those involved.

Tech Optimizer

March 27, 2025

Do Macs need antivirus? Debunking the security myth

Many users believe that Macs are immune to cybersecurity threats, leading them to neglect protective measures. This perception originated from Apple's marketing and the historical lower targeting of Macs due to their smaller market share. However, as the popularity of Macs has increased, so has the development of malware aimed at macOS. Reports indicate that malware targeting Macs has now outpaced that targeting Windows on a per-device basis. While macOS includes strong security features like XProtect, Gatekeeper, and System Integrity Protection, these are not foolproof. XProtect only defends against known malware, leaving users vulnerable to new threats. Macs are susceptible to various types of malware, including adware, Trojans, and phishing attacks. Antivirus software is important for Macs as it protects against evolving malware, shields users from phishing and online scams, enhances privacy protection, and prevents cross-platform threats.