protective measures Archives

AppWizard

April 1, 2025

Beware new Google ‘yellow warning’ that saves you from costly nightmare

Google has introduced a yellow warning banner in the Google Play Store to alert Android users about apps that are frequently uninstalled. This banner indicates that an app may not be meeting user expectations and could be due to poor functionality, excessive advertisements, or inflated costs. Additionally, Google has implemented two other notifications: one indicating lower user engagement with an app and another showing fewer users compared to other apps. These features aim to help users make more informed app choices and avoid potentially harmful applications. Google Play Protect is also available to scan downloaded apps for security, including those from outside the Play Store. Users can enable settings to improve harmful app detection, enhancing overall safety in the app ecosystem.

AppWizard

April 1, 2025

Gemini could be the next Google service reimagined for kids

Google is developing a child-friendly version of its AI chatbot, Gemini, as indicated by code references found in the Google app for Android version 16.12.39. This version may include a welcome screen for children and features such as story creation, question answering, and homework assistance. Google has implemented protective measures for teenagers using Gemini, including strict content policies to prevent exposure to age-inappropriate material. The company has also introduced other child-friendly features, such as Google Wallet for kids, and has previously collaborated with Samsung on the Galaxy Watch for Kids and offers the Fitbit Ace LTE smartwatch for children.

Tech Optimizer

March 27, 2025

Do Macs need antivirus? Debunking the security myth

Many users believe that Macs are immune to cybersecurity threats, leading them to neglect protective measures. This perception originated from Apple's marketing and the historical lower targeting of Macs due to their smaller market share. However, as the popularity of Macs has increased, so has the development of malware aimed at macOS. Reports indicate that malware targeting Macs has now outpaced that targeting Windows on a per-device basis. While macOS includes strong security features like XProtect, Gatekeeper, and System Integrity Protection, these are not foolproof. XProtect only defends against known malware, leaving users vulnerable to new threats. Macs are susceptible to various types of malware, including adware, Trojans, and phishing attacks. Antivirus software is important for Macs as it protects against evolving malware, shields users from phishing and online scams, enhances privacy protection, and prevents cross-platform threats.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

AppWizard

March 26, 2025

Google Play Store will get more tools to protect users from scammy apps

Google has announced a plan to enhance the safety of its Play Store by implementing protective measures by 2025. Google Play Protect will target malicious applications impersonating financial apps, responding to a rise in fraudulent activities, including ad fraud. The company has already removed 180 fraudulent apps from the Play Store and will alert users about unsafe apps, especially those from outside the Google Play ecosystem. Google will extend its pilot program to additional countries facing malware-based financial threats. Users are encountering significantly more Android malware from external sources. Google aims to make it harder for malicious actors to deceive users and plans to introduce a "verified badge" for secure VPN applications, with plans to expand this to other app categories. For app developers, Google is enhancing the Play Integrity API tool and providing self-help tools for dealing with tampered apps, with features expected to roll out by May. Google is also improving support channels for developers, including expanding the Google Play Developer Help Community to additional languages.

Winsage

March 26, 2025

New Windows Zero-Day Vulnerability Exposes NTLM Credentials – Unofficial Patch Now Available

A zero-day vulnerability has been identified in the Windows operating system, affecting versions from Windows 7 and Server 2008 R2 to Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into opening malicious files in Windows Explorer. Microsoft has been notified, and while there is no official CVE number yet, an unofficial patch is available through 0patch. The flaw is similar to previous vulnerabilities related to NTLM hash disclosures but has not been widely discussed. To exploit it, attackers need network access to the victim's system or a way to relay stolen credentials. 0patch has created micropatches for all affected Windows versions, which are available for free until Microsoft provides an official fix. This is the fourth zero-day vulnerability reported by 0patch recently, with previous vulnerabilities including those in Windows Theme files and the Mark of the Web issue on Server 2012. 0patch also offers patches for NTLM-related vulnerabilities that Microsoft has classified as “wont fix.” Users can create a free account with 0patch for automatic protection against these vulnerabilities. Micropatches are available for various Windows versions, including both legacy and currently supported systems, and will remain free until an official Microsoft fix is released.

Winsage

March 20, 2025

11 nation-state groups exploit unpatched Microsoft zero-day

Since 2017, at least 11 state-sponsored threat groups have exploited a Microsoft zero-day vulnerability in Windows shortcut files for data theft and cyber espionage. Researchers from Trend Micro's Trend Zero Day Initiative have identified nearly 1,000 malicious .lnk files utilizing this flaw, designated as ZDI-CAN-25373, which allows attackers to execute hidden commands on victims' devices. The attacks involve various payloads, including the Lumma infostealer and Remcos remote access Trojan, with North Korean operatives responsible for over 45% of the incidents, while Iran, Russia, and China account for approximately 18% each. Notable advanced persistent threat groups involved include Evil Corp, Kimsuky, Bitter, and Mustang Panda. Microsoft has not yet released a patch for this vulnerability, which is considered unusual, and while Microsoft Defender can detect and block related threats, organizations are advised to remain vigilant and implement protective measures against potential exploitation.

Winsage

March 19, 2025

Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)

Microsoft has identified a spoofing vulnerability in Windows File Explorer, designated as CVE-2025-24071, with a CVSS score of 7.5. This vulnerability affects various versions of Windows, including Windows 10 (multiple versions), Windows 11 (multiple versions), and Windows Server (multiple versions). Unauthenticated attackers can exploit this vulnerability by crafting RAR/ZIP files containing a malicious SMB path, potentially exposing the user's NTLM hash. Microsoft has released a security patch for supported product versions, and affected users are advised to install it promptly. Users can check their system's vulnerability status by verifying their version and patch information through specific commands.

Winsage

March 12, 2025

CISA Warns of Exploitable Fast FAT Vulnerability in Microsoft Windows

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical vulnerability in the Microsoft Windows Fast FAT File System Driver, identified as CVE-2025-24985. This vulnerability involves an integer overflow issue that could allow unauthorized attackers to execute malicious code on compromised systems, particularly requiring physical access to exploit it. It falls under the Common Weakness Enumeration (CWE) category 190, which pertains to integer overflows. CISA recommends users apply patches from Microsoft, follow Binding Operational Directive (BOD) 22-01 guidance for cloud services, and consider discontinuing use of the affected product if no mitigations are available. There is currently no evidence linking this vulnerability to active ransomware campaigns, but users are urged to remain vigilant.