phishing risks Archives

Winsage

November 10, 2025

Advancing security with Windows and Surface | Microsoft SFI Report Nov 2025

Microsoft is committed to security through its Secure Future Initiative (SFI), which employs 34,000 engineers to enhance cybersecurity. The November 2025 SFI Progress Report outlines advancements in security, including principles of Secure by Design, Secure by Default, and Secure Operations integrated into Windows and Surface products. Key updates include: - Windows 11 introduces passwordless sign-in with Passkeys and FIDO2 credentials to reduce phishing risks. - Phishing-resistant multi-factor authentication (MFA) is now widely used, lowering account compromise risks. - Windows Hotpatch allows security updates without device restarts, achieving 81% compliance within 24 hours of Patch Tuesday. - Windows 11 features quick machine recovery for automatic, cloud-connected recovery from boot failures. Surface devices lead in security by enabling all recommended features by default and developing memory-safe firmware to address vulnerabilities. Notably, 70% of security vulnerabilities are linked to memory safety issues, and Surface uses Rust-based UEFI firmware to enhance defenses. Surface also develops Windows drivers in Rust to eliminate memory safety bugs and shares innovations through the Open Device Partnership to improve security across the ecosystem.

Winsage

May 25, 2025

Windows Passwords Are Under Attack — Do These 7 Things Now

Microsoft Windows is a target for cybercriminals, particularly regarding password theft. Trend Micro has reported an increase in fraudulent Captcha attacks that trick users into executing malicious commands through the Windows Run dialog, leading to data theft and malware infections. These attacks utilize PowerShell and can deploy various malware types, including Lumma Stealer and AsyncRAT. Despite efforts to disrupt the Lumma Stealer network, threats persist, exploiting legitimate platforms. Microsoft recommends users adopt safer online practices and outlines seven mitigations for organizations: disable access to the Run dialog, apply least privilege, restrict access to unapproved tools, monitor unusual behavior, harden browser configurations, enable memory protection, and invest in user education.

AppWizard

November 27, 2024

Choosing the right secure messaging app for your organization

Liad Shnell, the Chief Technology Officer at Rakuten Viber, discussed key factors organizations should consider when selecting secure messaging applications. Important features include end-to-end encryption, global accessibility, integration capabilities, AI-driven extensibility, and privacy standards like SOC 2 Type 2 and GDPR compliance. To mitigate phishing and malware risks, users should exercise caution with links and verify sender identities. Leading platforms like Viber implement security measures, such as filtering messages from unknown senders and using algorithms to block suspicious activities. The SANS 2024 Security Awareness Report indicates that 89% of respondents view social engineering attacks as a primary concern, emphasizing the need for security awareness programs, clear communication policies, and AI-driven detection tools. Balancing usability and security is essential, with a focus on user experience through AI-driven automation and zero trust principles. Emerging trends include post-quantum cryptography and enhanced AI detection capabilities to maintain authenticity in conversations as technology evolves.