Kids games designed for children between the ages of 3 and 12 are now available on Android Auto, allowing them to play on the car's infotainment display while parked.
Cofense Intelligence reported that threat actors are abusing Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to reach machines without involving a web browser at all, taking advantage of File Explorer's built-in ability to connect to remote WebDAV servers. Although Microsoft deprecated WebDAV in November 2023, Windows still supports it, so the delivery path remains open. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of them deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often use Cloudflare Tunnel to host the malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of the observed campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.
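As an added illustration of the monitoring advice above (not code from the Cofense report), the following Python scans constructed proxy log lines for the two signals the summary describes: File Explorer's WebDAV client (its `Microsoft-WebDAV-MiniRedir` user agent) talking to hosts outside the organization, and connections to Cloudflare quick-tunnel hostnames under `trycloudflare.com`. The log format and the internal-domain suffix are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log (not from the report):
# timestamp client method host port "user-agent"
SAMPLE_LOG = """\
2024-09-12T08:01:11Z 10.0.0.15 GET www.example.com 443 "Mozilla/5.0 (Windows NT 10.0) Chrome/128.0"
2024-09-12T08:03:42Z 10.0.0.15 PROPFIND sunny-bird-1234.trycloudflare.com 80 "Microsoft-WebDAV-MiniRedir/10.0.19045"
2024-09-12T08:03:43Z 10.0.0.15 GET sunny-bird-1234.trycloudflare.com 80 "Microsoft-WebDAV-MiniRedir/10.0.19045"
2024-09-12T08:10:05Z 10.0.0.22 PROPFIND fileserver.corp.local 443 "Microsoft-WebDAV-MiniRedir/10.0.19045"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')
WEBDAV_METHODS = {"PROPFIND", "OPTIONS", "MKCOL", "PROPPATCH"}
# Assumption: the organization's own WebDAV servers live under this suffix.
INTERNAL_SUFFIXES = (".corp.local",)


@dataclass(frozen=True)
class Alert:
    client: str
    host: str
    reasons: tuple


def classify(line: str):
    """Return an Alert for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ts, client, method, host, _port, ua = m.groups()
    external = not host.endswith(INTERNAL_SUFFIXES)
    reasons = []
    # Windows WebClient (File Explorer) reaching a non-corporate WebDAV server
    if "Microsoft-WebDAV-MiniRedir" in ua and external:
        reasons.append("file-explorer-webdav-to-external-host")
    # Cloudflare quick tunnels are handed out under *.trycloudflare.com
    if host.endswith(".trycloudflare.com"):
        reasons.append("cloudflare-quick-tunnel")
    # WebDAV-specific verbs leaving the network
    if method in WEBDAV_METHODS and external:
        reasons.append("webdav-method-external")
    return Alert(client, host, tuple(reasons)) if reasons else None


def scan(log_text: str):
    """Classify every line and keep only the alerts."""
    return [a for a in (classify(l) for l in log_text.splitlines()) if a]
```

Aggregating alerts per client and alerting when the first two reasons co-occur gives a higher-confidence signal than either on its own.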
Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.
Many Android users seek alternatives to default applications, but six Google apps are deemed indispensable due to their speed, reliability, and integration.
Google Keep allows for quick note-taking with features like labels, checklists, and real-time syncing across devices, boasting over 1 billion installs. The Google app serves as a central hub for various functions, providing seamless integration that enhances the Android experience. Google Maps excels as a navigation and discovery tool, with over 10 billion installs and features like offline maps and user-generated content. Android Auto offers a user-friendly interface for driving, becoming a standard feature in new vehicles. Google Photos backs up images effortlessly, with over 5 billion installs, and provides powerful search capabilities. NotebookLM allows users to input documents and web clippings for research, functioning as a research assistant.
These six apps stand out for their unique combination of speed, scale, and integration, making them essential for Android users.
Cybercriminals are sending counterfeit email invitations that, when clicked, install a backdoor on the victim's computer, allowing hackers full control. The scam often involves downloading a file named “invites.msi,” which is a Windows Installer package. This file can install ScreenConnect, a legitimate remote support tool that can be exploited by attackers to monitor screens, access files, and deploy additional malware. Many security engines fail to flag this software as malicious, making it difficult to detect. If someone suspects they have fallen victim to this scam, they should disconnect from the internet, check for and uninstall any remote management software, run a comprehensive antivirus scan, change passwords for critical accounts, enable two-factor authentication, inform their IT department if applicable, and consider performing a full Windows reset. The scam originated from a compromised email account, which was used to send the malicious link to contacts. Implementing two-factor authentication and using a password manager can help prevent such incidents. Users should be cautious of any email invitations that require downloading and running installer files.
Microsoft is introducing native image support in its Notepad application as part of its Windows Insider builds, indicated by a new image icon in the toolbar. This feature is expected to enhance Notepad's Markdown capabilities, allowing users to render images in Markdown documents and insert images directly into notes. The changes come after the removal of WordPad from Windows 11, prompting Microsoft to integrate essential features into Notepad to streamline the default app lineup. Notepad has already seen updates like tabs, spell check, and a modernized user interface while maintaining performance. Users can disable formatting and other features to retain the traditional Notepad experience. The updates aim to cater to diverse user needs, including developers and office workers, while simplifying maintenance for enterprises.
Google is transitioning from its traditional Weather app to a streamlined experience through its Search results. This change, which has been gradually implemented, now directs users from the Weather homescreen shortcut to a Google Search results page for weather information. The new search page features the Froggy card displaying current conditions and hourly forecasts, along with a 10-day forecast carousel and dropdown menus for various weather metrics. AI-driven overviews have also been integrated to enhance the user experience. As more devices receive updates, the previous fullscreen Weather experience is being phased out, indicating a consolidation of Google’s weather offerings in favor of Search.
Attackers are using social media advertising, specifically paid Facebook ads, to promote a malware campaign disguised as legitimate Microsoft promotions. They create near-exact replicas of the official Windows 11 download page to lure users into downloading malicious software. The deceptive domains used include ms-25h2-download[.]pro and ms-25h2-update[.]pro. The malware campaign employs geofencing to selectively target victims, redirecting security researchers to benign sites while delivering malware to unsuspecting users. The malicious file, named ms-update32.exe, is hosted on GitHub and mimics the size of a legitimate Windows installer. Once executed, it checks for monitoring tools and, if none are detected, installs an application named "Lunar" that collects sensitive data, including cryptocurrency wallet information. The malware maintains persistence by writing data to the Windows registry and employs various obfuscation techniques to evade detection. The attackers run parallel ad campaigns with different Facebook Pixel IDs to ensure continued operation even if one is suspended. Indicators of compromise include specific file hashes, domains, file system artifacts, and registry keys associated with the malware.
Windrose is a survival crafting game with a pirate theme that offers a unique twist on the genre. Players begin the game after being shot and saved by magical elements, leading to a quest involving foraging, crafting, and revenge. The crafting loop includes gathering resources like wood and rocks to build crafting stations. A notable feature allows players to access stored resources from their base without carrying them in their inventory, enhancing gameplay efficiency. Players can sail to other islands, although the initial vessel provided is modest. A mechanic allows players to restore their boat easily, improving the sailing experience. Windrose aims to provide a balanced mix of gathering, building, and combat, and offers a demo for players to try the game without commitment.
Users of Google Photos are experiencing syncing issues where images uploaded via the Google Photos website are not syncing back to the mobile app. This problem began last Thursday, affecting some users while others report normal functionality. Google has not issued a formal statement but a product expert confirmed that the Photos team is aware of the issue and is working on a fix, although no timeline has been provided.