protections

AppWizard
August 9, 2025
EA and DICE announced that Battlefield 6 will require Secure Boot State, a BIOS setting accessible to most users, alongside the implementation of EA’s Javelin anti-cheat system. The early appearance of cheaters in the game's Open Beta has raised concerns among players. Secure Boot is a security feature that ensures only trusted software can run during system startup, preventing malicious software from loading. Most motherboards released in the last five to six years support Secure Boot, but enabling it may be complicated for some users. The presence of hacks in the game has led to frustration, as players expected Secure Boot and the Javelin anti-cheat system to provide effective protection against cheating.
Tech Optimizer
August 7, 2025
The Akira ransomware has been using a legitimate Intel CPU tuning driver to disable Microsoft Defender, allowing hackers to gain kernel-level access to systems. This method, known as BYOVD (Bring Your Own Vulnerable Driver), involves exploiting signed drivers with known vulnerabilities for privilege escalation. Researchers found that the execution of the driver modifies Microsoft Defender's DisableAntiSpyware settings in the Windows Registry using regedit.exe. GuidePoint Security has responded by providing a YARA rule and indicators of compromise to help organizations defend against these attacks, emphasizing the need for vigilance and caution when downloading software.
Tech Optimizer
August 7, 2025
Attackers have been using the ThrottleStop.sys driver to disable antivirus software in compromised networks since October 2024. This driver, designed for CPU throttling, allows malware to gain kernel-level memory access and terminate security processes. Initial access is typically gained through stolen RDP credentials or brute-forced administrative accounts, enabling the deployment of the AV killer alongside ransomware like MedusaLocker. Once inside, attackers extract additional user credentials using tools like Mimikatz and move laterally with Pass-the-Hash techniques. They upload two key components, ThrottleBlood.sys (the renamed driver) and All.exe (the AV killer), to user directories. The malware effectively disables Windows Defender and other endpoint protections, leading to severe data encryption in industries with exposed RDP endpoints, particularly affecting victims in Brazil, Ukraine, Kazakhstan, Belarus, and Russia. Securelist analysts noted that traditional self-defense features in Kaspersky products can counter this AV killer, but many organizations still rely on less effective solutions. The malware exploits two vulnerable IOCTL functions in the ThrottleStop.sys driver, allowing arbitrary memory reads and writes. It uses a loop to match and terminate antivirus processes by invoking kernel functions. The malware avoids detection by restoring original kernel bytes after execution. This situation highlights the need for improved driver integrity monitoring and robust security strategies.
AppWizard
August 7, 2025
Battlefield 6 requires players to enable Secure Boot on PC to access the Open Beta. EA has published a user guide to assist players in enabling Secure Boot, which involves accessing the BIOS and ensuring that TPM 2.0 is activated and the Windows disk is formatted as GPT. This requirement may be challenging for less experienced PC gamers. Activision has also announced that Call of Duty: Black Ops 7 will mandate Secure Boot for PC players. The shift towards requiring TPM 2.0 and Secure Boot is aimed at enhancing game security and combating cheating in competitive multiplayer games.
AppWizard
August 6, 2025
Activision has announced that PC players of Call of Duty: Black Ops 7 will need to enable Windows Secure Boot and use a system with Trusted Platform Module 2.0 (TPM 2.0) technology. This initiative will begin testing during Season 5 of Call of Duty: Black Ops 6 and Call of Duty: Warzone, but enforcement will not be immediate. The Ricochet anti-cheat team will notify players who have not updated their systems to comply. Activision assures that the TPM 2.0 and Secure Boot processes will not access personal files and will not affect in-game performance. Two-factor authentication (2FA) is encouraged but not yet mandatory, and players using a free trial of Game Pass on PC will be restricted from accessing multiplayer ranked play. Electronic Arts' Battlefield 6 will also incorporate Secure Boot as part of its anti-cheat system, limiting players to Windows.
Winsage
August 4, 2025
Security researchers at Genians Security Center discovered a new variant of the RoKRAT malware linked to the North Korean APT37 threat group. This malware uses steganography to hide malicious payloads within JPEG files, allowing it to evade traditional antivirus detection. It is typically distributed through malicious shortcut files within ZIP archives, often disguised as legitimate documents. The malware employs a two-stage encrypted shellcode injection method, utilizing PowerShell and batch scripts to execute its payloads in memory. It collects system information, documents, and screenshots, exfiltrating data via compromised cloud APIs. The command and control accounts associated with the malware are linked to Russian email services. Variants of RoKRAT have evolved to include different injection methods and reference specific PDB paths. Indicators of compromise include various MD5 hashes associated with the malware.
Tech Optimizer
July 31, 2025
Software Experts has recognized Avast Premium Security and Avast Ultimate as top malware protection solutions for Mac users. This acknowledgment comes amid rising cybersecurity threats targeting Apple devices. Avast is known for its comprehensive digital protection, offering antivirus, privacy, and performance tools. Despite macOS's built-in security features, experts recommend third-party protection due to increasing cyber threats. In its 2025 analysis, Software Experts evaluated Avast's performance in malware protection, usability, real-world effectiveness, and feature set, with Avast excelling in all areas. Avast Premium Security includes defenses against viruses, spyware, ransomware, and phishing threats, featuring real-time malware detection and alerts for insecure Wi-Fi networks. The newly introduced Scam Guardian Pro enhances protection against online scams with AI-driven tools. Avast Ultimate extends its offerings to a multi-device solution, including a VPN, device performance optimizer, and anti-tracking tool. In 2024, AV-Test awarded Avast the Best macOS Security Award for Consumer Users, and AV-Comparatives recognized it as a Top-Rated Product in 2023. Avast's Ransomware Shield protects personal files from unauthorized modifications, and both products are available as single-device or multi-device subscriptions. Avast's Stay Safe Virus Guarantee provides virus removal support and a refund if malware cannot be eliminated. The review emphasizes the need for reliable cybersecurity software as online threats evolve, highlighting Avast's combination of antivirus protection, privacy tools, and device optimization.
AppWizard
July 30, 2025
A recent investigation revealed that a cyberattack on the dating advice app Tea compromised users' direct messages and personal photos, including 59,000 accessed images and messages. The app's system has been taken offline as a precaution. Users' selfies uploaded prior to February 2024 were among the sensitive information exposed. Cybersecurity expert Ted Miracco criticized Tea for inadequate security measures and emphasized the risks of sharing personal information on popular applications.
Winsage
July 29, 2025
Microsoft has announced that servicing for the last supported editions of Windows 11 22H2 (Enterprise, Education, and IoT Enterprise) will end on October 14. The final monthly security update for this version will be in October 2025, after which devices will no longer receive updates. Microsoft is implementing an automatic feature update for Windows 11 consumer and non-managed business devices that have reached their end of servicing to ensure continued security updates. Users can choose a convenient time for their devices to reboot for the Windows 24H2 feature update. The Windows 11 24H2 update began rolling out in May 2024 for enterprise customers and became available for eligible devices in October. Microsoft has established upgrade blocks for the 24H2 update on devices with incompatible drivers and software.