protective measures Archives

Winsage

January 13, 2026

New Windows updates replace expiring Secure Boot certificates

Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.

Winsage

January 12, 2026

EDRStartupHinder Disables Antivirus and EDR Protections During Windows 11 25H2 Startup

A new tool named EDRStartupHinder was unveiled on January 11, 2026, which allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.

Tech Optimizer

January 7, 2026

List of Android Antivirus Software

TraceX Guard is developed by TraceX Labs and provides comprehensive protection against mobile threats such as viruses, spyware, ransomware, and phishing links, utilizing AI-powered threat detection and real-time security monitoring. Avast Antivirus, created by Avast Software, offers malware scanning, real-time threat detection, app locking, Wi-Fi security checks, and privacy protection tools, making it popular among Android users. AVG AntiVirus, developed by AVG Technologies, includes malware protection, app scanning, performance optimization, and privacy features, sharing core technology with Avast. Malwarebytes is an anti-malware solution for Android that detects and removes malware, adware, ransomware, and potentially unwanted programs, focusing on privacy protection and safe browsing.

Tech Optimizer

January 7, 2026

Best Antivirus Software (January 2026): Webroot Recognized for Lightweight Protection by Expert Consumers

Webroot has been recognized by Expert Consumers for its innovative antivirus protection, which offers essential security features with minimal impact on system performance. The software is cloud-based and lightweight, providing real-time protection while using minimal system resources. It leverages cloud technology for threat analysis, allowing for quick scans and unobtrusive background protection. Webroot includes real-time monitoring, flexible scanning options, phishing protection, and ransomware protection. It also addresses threats to personal data and offers protection for mobile devices and Chromebooks. Webroot's product lineup includes various plans tailored to user needs, from basic antivirus protection to comprehensive plans with identity protection features. The software is designed to operate consistently in the background, ensuring usability and reducing the risk of misconfigurations.

Tech Optimizer

December 25, 2025

New malware can read your chats and steal your money

The Android banking trojan Sturnus has emerged as a significant cybersecurity threat, capable of taking control of a device's screen, stealing banking credentials, and accessing encrypted communications from trusted applications. It operates stealthily, capturing decrypted messages without breaking encryption. To protect against Sturnus, users should employ robust antivirus software, be vigilant with app prompts, and exercise caution with links and attachments, as malware is often spread through these channels. Attackers can remotely control devices to execute financial transactions without user knowledge.

Tech Optimizer

December 4, 2025

Cyber security essentials with WSA partner PureCyber

Cyber security is crucial for organizations in the sport and leisure sector to protect digital assets from hackers and cybercriminals. Neglecting cyber security can lead to financial losses, reputational damage, operational disruptions, and legal issues. Key practices for enhancing cyber security include keeping software updated, using strong passwords, training employees, and employing firewalls and antivirus solutions. The Welsh Sports Association (WSA) has partnered with PureCyber to offer a subscription service called Foundations, which provides various cyber security benefits such as incident response, phishing simulations, endpoint detection and response, dark web monitoring, employee training, Microsoft 365 protection, and vulnerability management. WSA members can access this service at preferential rates, and a Lunchtime Learning session will be held to improve skills within member organizations. Interested parties can contact Maria Lopez for more information on the subscription.

AppWizard

December 4, 2025

Android now warns before you open banking apps during risky calls

Google is adding new in-call scam protection tools to Android for users in the United States. The feature warns users when they share screens with unknown numbers during financial app calls and includes a 30-second alert to prevent sharing sensitive banking details. This protection has already been rolled out in the UK, India, and Brazil and applies to calls involving banking applications and peer-to-peer payment platforms.

AppWizard

November 26, 2025

This new Android malware can control your phone and swipe your banking data

A new malware called Sturnus spreads through sideloaded APKs and can steal chats, banking information, and control devices. It reads decrypted chats, creates fake banking overlays, and can remotely access Android devices. Sturnus disguises itself with fake Android update screens, and users in Europe have already fallen victim to it. The malware is primarily spread through attachments sent via messaging applications and exploits Accessibility settings to read screen content and impose overlays on banking applications. Google has not detected this malware in the Google Play Store, thanks to Play Protect's scanning efforts. Users are advised to exercise caution when downloading APKs.

Winsage

November 21, 2025

CVE-2025-50165: Critical Flaw in Windows Graphics Component

In May 2025, Zscaler ThreatLabz identified a critical remote code execution vulnerability, CVE-2025-50165, with a CVSS score of 9.8, affecting the Windows Graphics Component within the windowscodecs.dll library. Applications relying on this library, including Microsoft Office documents, are vulnerable to exploitation via a malicious JPEG image. When a user opens such a file, their system can be compromised, allowing remote code execution. Microsoft released a patch for this vulnerability on August 12, 2025, affecting several versions of Windows, including Windows Server 2025 and Windows 11 Version 24H2 for both x64 and ARM64-based systems. ThreatLabz recommends that all Windows users update their applications to the patched versions. The attack chain involves crafting a JPEG image to exploit the vulnerability, which can be triggered directly or indirectly through other files. The vulnerability's analysis revealed issues with uninitialized memory and the need for a Control Flow Guard bypass for exploitation. Attackers can manipulate the instruction pointer through heap spraying and Return-Oriented Programming. ThreatLabz developed a Proof-of-Concept application to demonstrate the exploitation process and has implemented protective measures against the vulnerability.

Tech Optimizer

November 20, 2025

How to implement Dynamic SQL in PostgreSQL 10

Dynamic SQL in PostgreSQL allows developers to streamline querying processes and reduce repetitive tasks. It is implemented using the EXECUTE statement, which evaluates a string input. Dynamic SQL can be used for executing DDL statements, such as analyzing tables within a schema, and for DML statements, enabling interactive data manipulation, like filtering results in a billing application. PL/pgSQL caching can lead to inefficiencies in dynamic SQL scenarios where execution plans vary. Security risks, particularly SQL injection vulnerabilities, are associated with dynamic SQL. Recommended practices to mitigate these risks include using the USING clause for parameterized statements, employing the format function for query construction, and utilizing functions like quote_ident() and quote_literal() for proper formatting.