proxy Archives

AppWizard

June 19, 2025

Godfather Android malware now uses virtualization to hijack banking apps

A new iteration of the Android malware "Godfather" has emerged, utilizing advanced techniques to create isolated virtual environments on mobile devices for stealthy account data theft and transaction manipulation from legitimate banking applications. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, employing a comprehensive virtual filesystem, virtual Process ID, intent spoofing, and a component called StubActivity. Godfather is delivered as an APK app with an embedded virtualization framework, scanning for installed target applications and launching them within its virtual environment. It intercepts user interactions with genuine banking apps, capturing sensitive data like credentials and PINs while presenting a legitimate interface. The malware can execute commands to unlock devices and initiate transactions while avoiding detection. Godfather first appeared in March 2021 and has evolved significantly since then, with the latest version representing a notable advancement over previous iterations. Users are advised to download apps only from trusted sources and remain cautious about app permissions to protect against this malware.

Tech Optimizer

June 13, 2025

‘BrowserVenom’ Windows Malware Preys on Users Looking to Run DeepSeek AI

A new strain of Windows malware called "BrowserVenom" is exploiting interest in DeepSeek's AI models by targeting users through deceptive Google ads. These ads lead to a counterfeit website, "https[:]//deepseek-platform[.]com," where users are tricked into downloading a harmful file named “AILauncher1.21.exe.” This malware monitors and manipulates internet traffic, allowing attackers to intercept sensitive data. The operation is believed to involve Russian-speaking threat actors, and the malware has infected users in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The fraudulent domain has been suspended, but the malware can evade many antivirus solutions. Users are advised to verify official domains when downloading software.

Winsage

June 11, 2025

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.

Tech Optimizer

June 9, 2025

Streamline Amazon Aurora database operations at scale: Introducing the AWS Database Acceleration Toolkit

The AWS Database Acceleration Toolkit (DAT) is an open-source solution that enhances database performance, particularly for Amazon Aurora, by utilizing Terraform for setup, provisioning, and maintenance. DAT helps organizations reduce time to market, improve customer satisfaction, and optimize costs. It is beneficial for DevOps teams, SaaS providers, and enterprises transitioning from commercial databases to Aurora. One example of its effectiveness includes a customer reducing database migration time from 12 months to 4 weeks for over 100 databases, achieving zero outages over six months, increasing database team productivity by 60-70%, and lowering infrastructure costs by 42%. DAT's architecture includes automated resource provisioning and security through Terraform, with source code available in a Git repository. It offers multiple provisioning options for Aurora clusters, including the Terraform CLI and Jenkins pipelines. Key modules include: - Aurora cluster module for creating new clusters with customization options. - Amazon RDS Proxy for enhancing application performance and security. - Aurora GlobalDB for creating clusters across AWS Regions for disaster recovery. - Aurora Monitoring for configuring CloudWatch dashboards to monitor database performance. Use case examples are provided in the Git repository for both Aurora PostgreSQL-Compatible and Aurora MySQL-Compatible engines. Deployment options include using Terraform directly, setting up a new Jenkins instance, or integrating with an existing Jenkins setup. To provision an Aurora PostgreSQL cluster, users must clone the DAT repository, navigate to the appropriate folder, configure the Terraform variable definition file, initialize the working directory, execute a plan, and apply the changes. Security features include customer-managed keys, integration with AWS Secrets Manager for password management, and enhanced monitoring through CloudWatch. To clean up, users can destroy the Aurora cluster with a Terraform command.

AppWizard

May 24, 2025

$40 Steam Game Free for a Limited Time

Warhammer 40,000: Gladius – Relics of War is available for free on Steam until May 26. After this date, it will return to its standard price. The game is not Steam Deck Verified but is categorized as Playable, meaning it may function with some issues on the device. Released in 2018 by Proxy Studios and published by Slitherine, it is the first turn-based 4X strategy game in the Warhammer 40,000 universe. The game has received over 14,000 user reviews on Steam, with 81% being favorable, earning a “Very Positive” rating. The narrative takes place on Gladius Prime, where ancient relics lead to a war for survival. The main campaign takes approximately 10 to 11 hours to complete, while completionists may spend 50 to 55 hours exploring the game.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 20, 2025

Microsoft makes the Windows Subsystem for Linux open source after almost a decade of development

Microsoft has announced that the Windows Subsystem for Linux (WSL) is now open source, marking a significant milestone in its development. The company has closed issue #1 on its GitHub issue tracker, which asked if WSL would be open source since April 6, 2016. WSL allows Windows users to run Linux distributions alongside their operating system and has evolved from WSL 1, which used a pico process provider, to WSL 2, which introduced a dedicated Linux kernel and various enhancements such as GPU support, graphical applications, and systemd support. In 2021, WSL was decoupled from the Windows codebase and made available via the Microsoft Store for Windows 11 users. Future updates will further refine the installation process for Linux distributions.

Winsage

May 20, 2025

Securing the Model Context Protocol: Building a safer agentic future on Windows

The Model Context Protocol (MCP) is a lightweight, open protocol functioning as JSON-RPC over HTTP, facilitating standardized discovery and invocation of tools. MCP defines three roles: MCP Hosts (applications accessing capabilities), MCP Clients (initiators of requests), and MCP Servers (services exposing functionalities). Windows 11 will incorporate MCP to enable developers to create intelligent applications leveraging generative AI. An early preview of MCP capabilities will be available for developer feedback. MCP introduces security risks, including cross-prompt injection, authentication gaps, credential leakage, tool poisoning, lack of containment, limited security review, registry risks, and command injection. To address these, Windows 11's MCP Security Architecture will establish security requirements for MCP servers, ensuring user safety and transparency, enforcing least privilege, and implementing security controls like proxy-mediated communication, tool-level authorization, a central server registry, and runtime isolation. MCP servers must comply with security requirements, including mandatory code signing, unchanged tool definitions at runtime, security testing, mandatory package identity, and declared privileges. An early private preview of MCP server capability will be offered to developers post-Microsoft Build for feedback, with a secure-by-default enforcement strategy planned for broader availability. Microsoft aims to enhance defenses continuously and collaborate with partners to bolster MCP's security framework.

TrendTechie

May 2, 2025

Релиз BitTorrent-клиента Deluge 2.2

Deluge version 2.2 is an open-source, cross-platform BitTorrent client built on libtorrent and the Twisted framework, offering interfaces such as GTK, a web interface, and a console variant. The source code is written in Python and distributed under the GPL license. Deluge operates in a client-server mode, allowing the daemon to run on a remote machine. Key features include support for DHT, UPnP, NAT-PMP, PEX, LSD, protocol encryption, proxy support, selective speed limiting, and sequential download mode. The update introduces support for creating torrents in the BitTorrent v2 format, enhancing security with SHA2-256 and improving efficiency with a Merkle hash tree. The GTK interface now includes light and dark themes and a system tray indicator, while the web interface supports theme switching. Support for Python 3.6 has been removed, with Python 3.7 as the minimum supported version. Additionally, qBittorrent version 5.1 was released on April 27, 2025, as an open-source alternative to µTorrent, with its source code available on GitHub under the GPLv2+ license.

TrendTechie

April 29, 2025

Новые версии открытых Torrent-клиентов

Two open-source torrent clients, Deluge and qBittorrent, have released updated versions. Deluge 2.2 features a cross-platform BitTorrent client developed in Python, utilizing the libtorrent library and Twisted framework. It offers multiple interface options, operates on a client-server model, and supports modern torrenting capabilities such as DHT, UPnP, NAT-PMP, traffic encryption, and proxy connections. The new version includes support for the BitTorrent v2 format, enhancing hash calculations and improving file integrity with SHA2-256 and Merkle hash trees. The minimum required Python version is now 3.7. qBittorrent, developed in C++ using the Qt library, is compatible with Windows, Linux, and macOS. It allows users to search for torrents, manage downloads, set priorities, and configure network settings. The latest version introduces enhancements like drag-and-drop functionality, improved random number generation, and upgraded search capabilities, along with significant improvements to the web interface.