proactive security measures Archives

Tech Optimizer

May 27, 2025

Microsoft oversells Windows 11’s Smart App Control as a “top antivirus solution”

Microsoft's Smart App Control (SAC) is integrated into Windows 11 and requires a clean installation to function optimally. It is designed to enhance security by using artificial intelligence to proactively shield users from threats, working alongside existing antivirus software rather than replacing it. SAC aims to anticipate and block suspicious applications before they can cause harm, minimizing system performance impact by avoiding constant file scanning. However, the effectiveness of SAC and its claims of being a groundbreaking innovation have been questioned, as proactive security measures have existed for years, and modern antivirus solutions offer advanced features beyond basic scanning. Users are advised to consider independent testing platforms for reliable antimalware options.

Tech Optimizer

May 25, 2025

Microsoft’s Smart App Control blocks malware and has ‘lighter impact on your PC’s performance’

Microsoft has introduced Smart App Control (SAC) with the rollout of Windows 11 22H2, enhancing its security framework by proactively blocking untrusted or unknown applications. Users must perform a fresh installation of Windows to utilize this feature. Unlike traditional antivirus solutions that operate on a reactive basis, SAC employs a "Guilty until proven innocent" approach, assessing applications against Microsoft's Intelligence Security Graph and verifying digital signatures to determine legitimacy. If an application is deemed potentially harmful or unsigned, it is blocked by Windows Security.

Tech Optimizer

May 4, 2025

5 reasons why I stopped using an antivirus on Windows 11

A growing number of users are reevaluating their reliance on traditional antivirus software, reflecting a deeper understanding of personal security needs. Many individuals are adopting strong cyber hygiene practices, taking personal responsibility for safe browsing and cautious online behavior. Modern browsers like Opera and Brave offer built-in security features and VPNs, emphasizing self-discipline in cybersecurity. Microsoft Defender Antivirus, integrated into Windows 11, provides real-time protection and frequent updates, making it a reliable choice for users who practice basic cyber hygiene. High-end antivirus packages often come with subscription fees, while open-source solutions can be cost-effective alternatives. Users have reported improved system performance after moving away from third-party antivirus programs, experiencing faster boot times and increased responsiveness. Essential security features are now recognized as not exclusive to antivirus software, with regular data backups, encryption, and password management enhancing overall protection. While some users find sufficient protection without traditional antivirus software, others with different threat models may still require it.

Winsage

April 17, 2025

Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, which involves NTLM hash disclosure through spoofing techniques. This flaw allows attackers to leak NTLM hashes, leading to privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate SMB authentication requests that expose NTLMv2-SSP hashes. Exploitation of this vulnerability began shortly after a security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns utilized spear-phishing emails containing malicious ZIP archives, which, when interacted with, leaked NTLM hashes. The malicious files included various types designed to initiate SMB connections to attacker-controlled servers, allowing for pass-the-hash attacks and privilege escalation. The stolen hashes were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.

Winsage

March 26, 2025

New Windows Zero-Day Vulnerability Exposes NTLM Credentials – Unofficial Patch Now Available

A zero-day vulnerability has been identified in the Windows operating system, affecting versions from Windows 7 and Server 2008 R2 to Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into opening malicious files in Windows Explorer. Microsoft has been notified, and while there is no official CVE number yet, an unofficial patch is available through 0patch. The flaw is similar to previous vulnerabilities related to NTLM hash disclosures but has not been widely discussed. To exploit it, attackers need network access to the victim's system or a way to relay stolen credentials. 0patch has created micropatches for all affected Windows versions, which are available for free until Microsoft provides an official fix. This is the fourth zero-day vulnerability reported by 0patch recently, with previous vulnerabilities including those in Windows Theme files and the Mark of the Web issue on Server 2012. 0patch also offers patches for NTLM-related vulnerabilities that Microsoft has classified as “wont fix.” Users can create a free account with 0patch for automatic protection against these vulnerabilities. Micropatches are available for various Windows versions, including both legacy and currently supported systems, and will remain free until an official Microsoft fix is released.

Winsage

March 12, 2025

CISA Warns of Microsoft Windows Win32 Kernel Subsystem Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has identified a vulnerability in the Microsoft Windows Win32 kernel subsystem, designated as CVE-2025-24983. This use-after-free vulnerability in the Win32k component could allow an authorized attacker to elevate privileges locally. It is categorized under Common Weakness Enumeration (CWE) 416. CISA recommends users apply Microsoft’s mitigation instructions, follow Binding Operational Directive (BOD) 22-01 for cloud services, and discontinue use of affected products if necessary. The deadline for addressing this vulnerability is April 1, 2025.

Winsage

February 19, 2025

Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots

Cybersecurity experts at FortiGuard Labs have identified a new variant of the Snake Keylogger, known as AutoIt/Injector.GTY!tr, which targets Windows users and has blocked over 280 million infection attempts worldwide, particularly in China, Turkey, Indonesia, Taiwan, and Spain. The malware spreads primarily through phishing emails with malicious attachments or links and focuses on popular web browsers to steal sensitive information by logging keystrokes, capturing credentials, and monitoring clipboard activity. It exfiltrates data to its command-and-control server via email and Telegram bots. The malware uses AutoIt scripting to create standalone executables that evade antivirus detection. It installs itself by dropping "ageless.exe" in the %Local_AppData%supergroup folder and "ageless.vbs" in the %Startup% folder to ensure persistence. The malware employs process hollowing to inject its payload into a legitimate .NET process, allowing it to hide from detection. Additionally, the Snake Keylogger can retrieve the victim’s geolocation and extract sensitive information from browser autofill systems, including credit card details. It utilizes various techniques for data collection, credential access, defense evasion, and exfiltration, posing a significant threat to Windows users.

AppWizard

December 13, 2024

Only 3 of the top 150 Android apps can detect reverse engineering tool Frida — here’s why that’s bad

A recent examination by the Norwegian cybersecurity firm Promon found that 144 out of the top 150 Android applications are vulnerable to manipulation using the Frida dynamic instrumentation toolkit. Only three of the tested apps could detect Frida and limit their functionality. This indicates that approximately 97% of popular Android applications are susceptible to exploitation. The analysis highlights a significant security gap, prompting calls for enhanced detection mechanisms in apps handling sensitive data. The specific apps tested have over 550 million daily users and an average of 206 million monthly users as of November 2024. Users are advised to keep their devices updated, install reputable antivirus applications, and consider using Google Play Protect for additional security.

AppWizard

November 7, 2024

Uninstall these 12 Android apps that record your conversations

Twelve malicious Android applications have been identified that can take control of devices to record audio and perform other harmful activities. These apps include: 1. Rafaqat 2. Privee Talk 3. MeetMe 4. Let’s Chat 5. Quick Chat 6. Chit Chat 7. YohooTalk 8. TikTalk 9. Hello Cha 10. Nidus 11. GlowChat 12. Wave Chat The first six were available on the Google Play Store and were downloaded over 1,400 times before removal. Users are advised to uninstall these apps immediately and remain cautious about downloading unfamiliar applications or clicking on suspicious links.

Winsage

September 18, 2024

Internet Explorer rises from the dead through Windows vulnerability

Cybercriminals, specifically the group Void Banshee, are exploiting vulnerabilities in remnants of Internet Explorer 11, which was retired over two years ago. They are using the vulnerabilities CVE-2024-43461 and CVE-2024-38112 to infiltrate systems in Europe, North America, and Southeast Asia, targeting sensitive information like cookies and passwords. The attacks involve specially crafted .url files that can reactivate Internet Explorer, which still exists within Windows. Additionally, attackers are disguising .hta files as PDFs to bypass security warnings, leading to the installation of the Atlantida InfoStealer, a tool for harvesting sensitive data. Security solutions from companies like Symantec can help protect against these threats.