Saudi Arabia Archives

Winsage

April 10, 2025

Patch Tuesday leaves some users unable to login to Windows

A recent patch bundle released by Microsoft has caused login issues for some users of Windows Hello on Windows 11 and Server 2025, particularly those with System Guard Secure Launch or Dynamic Root of Trust for Measurement enabled. Affected users may need to reset their login PIN or biometric settings. The problematic patch is KB5055523, which addresses vulnerabilities including CVE-2025-29824, currently exploited by ransomware. Additionally, the March patch KB5053656 has been linked to various issues but also includes enhancements such as bug fixes and new features like Copilot+. Windows 10 users have now received a patch for the CVE-2025-29824 vulnerability.

Winsage

April 9, 2025

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft has addressed a zero-day vulnerability, CVE-2025-29824, exploited by the group Storm-2460, affecting the Windows Common Log File System (CLFS). This vulnerability has been linked to ransomware attacks on organizations in the U.S., Venezuela, Spain, and Saudi Arabia. Storm-2460 has targeted firms in the IT and real estate sectors in the U.S., a financial institution in Venezuela, a software company in Spain, and a retail business in Saudi Arabia. The exploitation allows attackers to escalate privileges from standard user accounts, facilitated by the PipeMagic malware, which has a CVSS score of 7.8. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. This month's security update is Microsoft's fourth addressing over 100 vulnerabilities in the past year, with 18 affecting Microsoft Office products classified as high-severity.

Winsage

April 9, 2025

Patch Tuesday fixes an exploited bug, but not for Windows 10

Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. Among the critical vulnerabilities addressed, all allow for remote code execution (RCE). Notable vulnerabilities include: - CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1 - CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1 - CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1 - CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5 - CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1 Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like Cold Fusion, After Effects, and Photoshop, with some issues in Cold Fusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.

Winsage

April 9, 2025

Exploitation of CLFS zero-day leads to ransomware activity

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) identified a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS), designated as CVE-2025-29824. This vulnerability has been exploited by the PipeMagic malware, attributed to the group Storm-2460, affecting organizations in various sectors across the U.S., Venezuela, Spain, and Saudi Arabia. Microsoft released security updates on April 8, 2025, to address this vulnerability. The exploit allows attackers with standard user privileges to escalate their access, and it was executed from a dllhost.exe process. The exploit utilizes memory corruption techniques and the RtlSetAllBits API to gain all privileges and inject processes into SYSTEM processes. Post-exploitation, the attackers injected a payload into winlogon.exe, leading to ransomware activity characterized by file encryption and the creation of ransom notes. Indicators of compromise include the creation of a CLFS BLF file at C:ProgramDataSkyPDFPDUDrv.blf, command lines associated with ransomware activities, and specific domains linked to PipeMagic. Microsoft advises applying security updates promptly and recommends strategies for mitigating ransomware threats, including enabling cloud-delivered protection and utilizing device discovery.

Winsage

April 9, 2025

Microsoft: Windows CLFS zero-day exploited by ransomware gang

Microsoft reported that the RansomEXX ransomware gang has been exploiting a critical zero-day vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, allowing them to gain SYSTEM privileges on targeted systems. This vulnerability stems from a use-after-free flaw and affects organizations in various sectors, including IT and real estate in the US, financial institutions in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia. Microsoft has released security updates for most affected Windows versions but has postponed patches for Windows 10 x64 and 32-bit systems. Customers running Windows 11, version 24H2, are not vulnerable to the exploitation. The RansomEXX group, also known as Storm-2460, uses the PipeMagic backdoor malware to facilitate the exploitation of CVE-2025-29824, alongside ransomware payloads. The group has targeted high-profile organizations, including GIGABYTE, Konica Minolta, the Texas Department of Transportation, Brazil's court system, Montreal's STM public transport system, and government software provider Tyler Technologies.

AppWizard

April 4, 2025

‘A Minecraft Movie’ Breaks Ground Overseas With Strong $18M+ Through Thursday

Warner Bros/Legendary’s A Minecraft Movie has earned .4M across 55 international markets as of Thursday, excluding its opening in China, which grossed .6M, marking the largest opening for a Hollywood film this year. The film is projected to exceed M in international earnings, with strong performances anticipated in Europe and the Middle East, where it has already earned .4M. In Latin America, the film has achieved a 90% share of the Top 5 titles, with notable performances in Mexico (.9M), Germany (.7M), France (.5M), and Australia (.1M). In China, it achieved a No. 1 start, capturing 30% of the market and ranking as the second biggest import of the year after one day.

AppWizard

March 18, 2025

Here’s why that Embracer Saudi deal fell through

Saber Interactive's CEO, Matt Karch, discussed the collapse of the deal between Embracer Group and Saudi Arabia's Savvy Gaming Group, which initially aimed to secure funding for Turok Dinosaur Hunter and Jurassic Park titles but expanded to include the entire Embracer Group. The potential investment exceeded a billion, and Karch suggested the deal should have remained smaller and more manageable to facilitate approvals. The failure of the deal led to heightened investor expectations and subsequent disappointment, resulting in cuts within Embracer.

Tech Optimizer

February 6, 2025

New Report Antivirus software Market to Reach New Heights by 2034

The global antivirus software market is projected to grow from approximately USD 4.5 billion in 2024 to around USD 9.2 billion by 2034, reflecting a compound annual growth rate (CAGR) of about 6.7% from 2025 to 2034. The market is analyzed by various criteria, including type (standalone, integrated, cloud-based), device (computers, tablets, smartphones, servers), operating system (Windows, macOS, Android, iOS, Linux), and end user (individual, enterprise, government). Key players in the industry include Symantec Corporation, McAfee Inc., Kaspersky Lab, Trend Micro Inc., Avast Software s.r.o., Bitdefender, ESET, Sophos, F-Secure, Panda Security, Microsoft Corporation, NortonLifeLock Inc., Check Point Software Technologies, CrowdStrike Holdings, Inc., SentinelOne, Cylance Inc., Malwarebytes, Qihoo 360 Technology Co. Ltd., and AhnLab Inc. The report also provides regional analysis for North America, Europe, Asia-Pacific, South America, and the Middle East and Africa.

Tech Optimizer

February 3, 2025

Phone Antivirus Software Market 2025 Growth Analysis by Market Size, Share, Manufactures and Forecast till 2033

The Phone Antivirus Software Market is projected to grow at a compound annual growth rate (CAGR) of 8.4% through 2033. Key growth drivers include technological innovations, shifts in consumer behavior, and evolving market demands. The market is segmented by type (Free to Use and Pay to Use) and application (Individual Users and Enterprise Users). It covers various regions, including the United States, Europe, China, Japan, India, Southeast Asia, Latin America, and the Middle East and Africa. Potential limitations to growth include regulatory challenges and economic fluctuations. Businesses are encouraged to identify growth opportunities, understand market dynamics, and implement data-driven strategies.

AppWizard

November 17, 2024

Inside futuristic Minecraft stadium built on a cliff set to host 2034 World Cup

Prince Mohammed bin Salman Stadium will be built near Riyadh, with a capacity of 45,000 seats and a cost exceeding £1 billion. Construction is set to begin in 2026, with completion anticipated in 2029. The stadium will feature a retractable pitch, a man-made lake for cooling, a massive LED wall, and three stands, with one side open to view Qiddiya city. It will incorporate climate control through rainwater collection and will have the capability to switch between grass and artificial turf. The venue is expected to host matches for Al-Nassr and is part of Saudi Arabia's bid to host the 2034 World Cup, with FIFA expected to confirm this on December 11. The stadium will be one of 11 new venues for the World Cup, alongside four existing stadiums.