risks

Winsage
June 13, 2025
Microsoft will end support for Windows 10 on October 14, 2025, ceasing all security updates, bug fixes, and technical support. Users have several options for transitioning to Windows 11: 1. Upgrade to Windows 11 if the PC meets compatibility criteria (TPM 2.0 chip and newer processor). 2. Replace the computer with a new one that comes pre-installed with Windows 11. 3. Use an unofficial workaround to install Windows 11 on noncompliant systems, which carries risks such as lack of future updates and system instability. 4. Pay for Extended Security Updates (ESUs) after the deadline, primarily for business customers but potentially available for individuals. Running an unsupported operating system after 2025 is not advisable.
AppWizard
June 13, 2025
Unboxing a new smartphone is an exciting experience that includes setting up essential apps. Spotify provides access to millions of tracks and integrates with Android Auto for music and podcasts. Avast Antivirus offers robust protection and features like threat scanning and a network scanner, ensuring digital security without excessive ads or subscriptions. FitOn is a fitness app that sets realistic goals, tracks activity levels, and offers tailored workouts, including features like celebrity trainers and meal plans. Brave is a browser app that blocks ads and trackers, providing a distraction-free browsing experience with customizable settings. Microsoft 365 allows access to Word and Excel files on the go, with OneDrive for document storage and backup, although some features remain underutilized. These five applications enhance daily smartphone use by serving unique purposes.
Winsage
June 12, 2025
The FAA is requesting a budget allocation of .0 billion for fiscal year 2026, in addition to a previously committed .0 billion, to address critical infrastructure needs. The agency aims to modernize its outdated telecommunications infrastructure, including the air traffic control (ATC) system, which currently relies on antiquated technology such as paper strips, floppy disks, and Windows 95 computers. The FAA has a four-year timeline for overhauling the ATC system, which poses significant challenges and risks to aviation safety. Additionally, there is a need to replace the existing radar system and transition to a modern IP-based network, requiring careful consideration of security measures and operational dynamics.
Winsage
June 12, 2025
Recent findings have identified two vulnerabilities in various UEFI BIOS versions from multiple manufacturers that compromise the Secure Boot mechanism. These vulnerabilities allow attackers to bypass Secure Boot protections and replace firmware, particularly in Insyde BIOSes. The issues stem from unprotected NVRAM variables, specifically "IhisiParamBuffer," which can be manipulated to execute unsigned UEFI binaries. Affected UEFI applications include "DTBios" and "BiosFlashShell" from DTResearch, with the issue carrying a CVSS score of 8.2. Microsoft has added 14 new hashes to its DBX database to mitigate these risks. Additionally, a vulnerability in the Insyde H2O UEFI firmware app allows attackers to inject digital certificates due to the insecure handling of the "SecureFlashCertData" variable, which is incorrectly treated as trusted memory. This flaw, known as "Hydroph0bia," has a CVSS score of 7.8 and enables unauthorized execution of firmware signed with manipulated certificates. Manufacturers are urged to provide firmware updates to address these vulnerabilities, as inconsistent support for locking UEFI variables raises security concerns.
Winsage
June 11, 2025
Regular software updates are crucial for cybersecurity, as outdated systems, particularly Windows 10, expose businesses to vulnerabilities. Without timely security patches, organizations risk cyberattacks, data breaches, and financial losses. Additionally, outdated software may not be covered by cybersecurity insurance, increasing financial vulnerability in case of a cyber incident. Businesses are encouraged to prioritize software updates to protect digital assets and comply with insurance requirements.
Winsage
June 11, 2025
Windows 10 PCs are displaying more notifications about transitioning to Windows 11, which include security advisories for users staying on Windows 10. Microsoft emphasizes the importance of upgrading due to increasing cyber threats and potential vulnerabilities in Windows 10. Windows 11 offers enhanced security features, a streamlined interface, and improved performance. As Windows 10 nears the end of its support lifecycle, users may face greater risks without regular updates.
AppWizard
June 11, 2025
Academics from the University of Cambridge have raised concerns about the collection and commercialization of personal information through menstrual tracking applications, which have over 250 million downloads globally. These apps collect extensive data, including exercise, diet, medication, sexual preferences, hormone levels, and contraception use, making menstrual data valuable for consumer profiling. The report highlights that information on pregnancy status is particularly sought after in digital advertising, leading to risks of exploitation for targeted ads. If this data is misused, it could result in health insurance discrimination, employment risks, or domestic abuse. The researchers advocate for enhanced governance in the femtech industry, emphasizing the need for improved data security and meaningful user consent. They suggest that public health organizations develop alternatives to commercial tracking apps to prioritize user privacy and safety.
Winsage
June 11, 2025
Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an elevation-of-privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.