phishing attacks Archives

Tech Optimizer

April 10, 2025

6 overlooked security practices I implemented at home and I regret not using sooner

- Safeguarding technology is crucial in the digital age due to potential threats from various devices. - Two-factor authentication (2FA) enhances online account security by requiring a second code sent to a phone, email, or authentication app. - Biometric verification methods and hardware authentication devices like YubiKeys can further enhance security. - Backup codes should be printed when setting up 2FA, and passkeys offer a passwordless solution for securing accounts. - Ransomware can lock users out of data until a ransom is paid, and Windows 10 and 11 have a feature called Controlled Folder Access (CFA) to protect essential folders. - Windows Security provides baseline protection for PCs, and users should regularly check for updates and conduct manual scans. - Microsoft's PC Manager utility enhances system security by offering features for storage and app management alongside virus scanning. - Securing web browsers is vital, with unique settings available in browsers like Microsoft Edge, Firefox, and Chrome to improve privacy and security. - Regularly clearing browsing history and keeping browsers updated helps mitigate risks from malware and phishing attacks. - Securing Wi-Fi routers involves changing the default admin password and SSID, using strong encryption like WPA3, and regularly updating firmware. - Custom firmware like DD-WRT or OpenWrt can enhance router security and functionality.

Winsage

April 7, 2025

EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher

EncryptHub has been linked to breaches affecting 618 organizations and is associated with the disclosure of two Windows zero-day vulnerabilities, CVE-2025-24061 and CVE-2025-24071, to Microsoft. The vulnerabilities were addressed during the March 2025 Patch Tuesday updates, and the reporter was acknowledged as 'SkorikARI with SkorikARI.' Investigations revealed a connection between EncryptHub and SkorikARI, following an incident where EncryptHub exposed their credentials. SkorikARI's accounts were used to report the vulnerabilities, contributing to Windows security. Evidence linking SkorikARI to EncryptHub includes password files exfiltrated from EncryptHub's system and a GitHub account associated with SkorikARI. EncryptHub has previously attempted to market zero-day vulnerabilities on underground forums and is believed to have affiliations with ransomware groups. The threat actor has executed social engineering campaigns, phishing attacks, and developed a custom infostealer known as Fickle Stealer. They created fictitious social media profiles and websites, such as a fake project management application called GartoriSpace, which installed malicious files on unsuspecting users. EncryptHub has also been implicated in exploiting a Microsoft Management Console vulnerability, CVE-2025-26633.

Winsage

April 5, 2025

Microsoft Confirms Password Deletion For Windows Users—What You Do Now

Microsoft is transitioning away from passwords to enhance security, encouraging users to adopt passkeys. Passkeys are securely stored secrets on a user's device, unlocked through biometrics, PINs, or patterns, making them resistant to phishing and eliminating the need for complex passwords. Users can set up passkeys by signing into their Microsoft account's Advanced Security Options or Security Info, selecting a sign-in method, and following on-screen instructions. Once established, signing in is straightforward, requiring only the chosen authentication method. Microsoft is prioritizing passkeys for new accounts and refining its sign-in logic to improve efficiency, with passkeys being three times faster than traditional passwords. Passkeys can be used across devices and applications that support them, with Windows Hello facilitating authentication.

Tech Optimizer

April 3, 2025

1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack

A cryptojacking campaign has targeted over 1,500 organizations by exploiting inadequately secured PostgreSQL database servers. The attackers, identified as JINX-0126, use advanced techniques including credential brute-forcing and fileless execution to deploy Monero (XMR)-mining malware. Approximately 30% of cloud-hosted PostgreSQL servers are affected due to weak or default credentials. The attackers execute commands using PostgreSQL’s COPY FROM PROGRAM function, bypassing standard detection mechanisms. They have been linked to three cryptocurrency wallets with around 550 active mining workers, generating a hashrate of 4.04 GH/s and approximately €10.40 per hour in XMR revenue. The attack begins with credential spraying against default accounts, followed by an SQL injection to fetch the payload. The malware operates in memory, modifies PostgreSQL’s configuration to maintain persistence, and creates cron jobs for reactivation. The campaign reveals significant security gaps in cloud environments, with recommendations for improved access controls and monitoring.

AppWizard

March 28, 2025

PJobRAT Android RAT as Dating & Instant Messaging Apps Attacking Military Personnel

PJobRAT is an Android Remote Access Trojan (RAT) that re-emerged in 2023 with improved capabilities and a refined targeting strategy, previously known for attacking Indian military personnel in 2021. It is now targeting users in Taiwan through social engineering tactics, disguising itself as legitimate dating and messaging apps. The malware is distributed via compromised WordPress sites hosting fake applications like “SaangalLite” and “CChat.” The infection footprint is small, indicating highly targeted attacks rather than widespread campaigns. PJobRAT retains its core functionality of exfiltrating sensitive information, including SMS messages, contacts, and media files, while enhancing command execution capabilities. Upon installation, the malicious apps request extensive permissions to operate continuously in the background. The malware uses a dual-channel communication infrastructure, with Firebase Cloud Messaging (FCM) as the primary command channel and a secondary HTTP-based channel for data exfiltration to a command-and-control server. The campaign appears to have concluded, but the evolution of PJobRAT highlights the ongoing threat of sophisticated mobile malware targeting high-value individuals.

AppWizard

March 27, 2025

Signal says it is ‘gold standard’ for encrypted messaging, despite claims of vulnerabilities

Rep. Pat Harrigan of North Carolina raised concerns about a report that the Trump administration accidentally texted a journalist about military operations in Yemen, questioning the security protocols of the administration regarding the encrypted messaging app, Signal. Signal responded by asserting that its software is "the gold standard for private, secure communications" and clarified that a reported "vulnerability" was related to phishing scams and not flaws in their technology. The company has introduced new user flows and in-app warnings to protect against phishing attacks and emphasized its open-source nature for regular audits. President Trump acknowledged the mistake, stating that a staffer mistakenly added journalist Jeffrey Goldberg to a group chat discussing a military strike against the Houthis in Yemen, which included senior officials. The incident has led to criticism, particularly from Democrats calling for resignations and congressional testimony from those involved.

Tech Optimizer

March 27, 2025

Do Macs need antivirus? Debunking the security myth

Many users believe that Macs are immune to cybersecurity threats, leading them to neglect protective measures. This perception originated from Apple's marketing and the historical lower targeting of Macs due to their smaller market share. However, as the popularity of Macs has increased, so has the development of malware aimed at macOS. Reports indicate that malware targeting Macs has now outpaced that targeting Windows on a per-device basis. While macOS includes strong security features like XProtect, Gatekeeper, and System Integrity Protection, these are not foolproof. XProtect only defends against known malware, leaving users vulnerable to new threats. Macs are susceptible to various types of malware, including adware, Trojans, and phishing attacks. Antivirus software is important for Macs as it protects against evolving malware, shields users from phishing and online scams, enhances privacy protection, and prevents cross-platform threats.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

AppWizard

March 26, 2025

Days after the Signal leak, the Pentagon warned the app was the target of hackers

A Pentagon advisory warns against using the messaging application Signal for any communications, even unclassified ones, due to a vulnerability exploited by Russian hacking groups. This follows an incident where a journalist was inadvertently included in a Signal chat about military operations in Yemen. The advisory, dated March 18, indicates that Signal is not authorized for processing or storing non-public unclassified information, despite previous guidance allowing its use for unclassified accountability exercises. A 2023 Department of Defense memo also prohibited using mobile applications for controlled unclassified information. The accidental inclusion of a journalist in sensitive discussions is termed “spillage,” which can endanger military careers. Signal's spokesman stated that the memo does not reflect concerns about the app's inherent security but emphasizes vigilance against phishing attacks.