security challenges

Winsage
May 10, 2025
Windows users are facing security challenges, including zero-day vulnerabilities and hackers bypassing Windows Defender. Microsoft has removed VPN provisions for Windows Defender and discontinued security support for Windows 10, but users can upgrade to Windows 11 for free. Following the April 8 Patch Tuesday updates, a new folder named "inetpub" appeared on user devices, which Microsoft has warned users not to delete, as it is essential for security protections. This folder is generated after installing updates and is traditionally associated with the Internet Information Services (IIS) web server platform, regardless of whether IIS is installed. If users have deleted the inetpub folder, it can be restored by enabling IIS through the Windows Control Panel.
AppWizard
May 7, 2025
Former National Security Adviser Mike Waltz has come under scrutiny for using TeleMessage, an app that has recently experienced a security breach resulting in the theft of sensitive data, including direct messages and group chats. High-ranking officials from the Trump administration, including Waltz, Vice President J.D. Vance, Secretary of State Marco Rubio, and Director of National Intelligence Tulsi Gabbard, were reported to have used the app. A photograph captured Waltz during a Cabinet meeting appearing to use TeleMessage to access Signal messages, raising concerns due to his previous controversy involving a chat room on Signal that included a journalist. The security vulnerabilities of TeleMessage have been criticized, particularly as it lacks the robust encryption features of Signal. The app was initially marketed as a solution for preserving messages for government record-keeping, but its reliability has been questioned.
Tech Optimizer
April 30, 2025
A significant vulnerability, designated as CVE-2025-3500, has been identified in Avast Free Antivirus, allowing attackers to gain elevated system privileges and execute malicious code at the kernel level. The vulnerability has a high CVSS score of 8.8 and was publicly disclosed on April 24, 2025, shortly after a patch was implemented. It originates from inadequate validation of user-supplied data in the aswbidsdriver kernel driver, leading to an integer overflow prior to buffer allocation. Attackers must first execute low-privileged code on the target system to exploit this vulnerability. The flaw affects multiple versions of Avast Free Antivirus, specifically versions ranging from 20.1.2397 to 2016.11.1.2262. A fix was released in version 25.3.9983.922, and users are urged to update their software promptly. Security experts recommend enabling automatic updates and using standard user accounts for daily activities to mitigate risks.
Winsage
April 27, 2025
Microsoft's recent security update for Windows has raised concerns among users due to the introduction of a new vulnerability. The update, intended to address the CVE-2025-21204 vulnerability, inadvertently created a folder named inetpub, which Microsoft claims is essential for user protection. Security researcher Kevin Beaumont has warned that this update has introduced a denial of service vulnerability that allows non-admin users to halt future Windows security updates. Microsoft has classified the issue as moderate in severity and suggested that deleting the inetpub symlink and retrying the update may resolve the problem. The report has been forwarded to the Windows security team for potential further action.
Winsage
April 24, 2025
Microsoft's recent patch for CVE-2025-21204 inadvertently reintroduced the inetpub folder at c:\inetpub as part of its mitigation strategy, raising concerns among system administrators. Security researcher Kevin Beaumont discovered that this folder created a new vulnerability when he used the mklink command with the /j parameter to redirect the folder to a system executable (notepad.exe). This allowed standard users to prevent Windows updates without administrative rights, as the command could be executed on default-configured systems. Beaumont has notified Microsoft of this vulnerability, but the company has not yet responded.
Winsage
April 13, 2025
Windows users are facing security challenges, including a zero-day vulnerability that threatens Windows passwords and hackers bypassing Windows Defender. Microsoft has discontinued VPN support for Windows Defender users and withdrawn security support for Windows 10. A new folder named "inetpub" was created following the April 8 Patch Tuesday updates as part of the fix for CVE-2025-21204, a vulnerability in the Windows Update Stack. This folder has raised concerns among users, prompting Microsoft to advise against deleting it. The creation of the inetpub folder is intended to enhance security, although its purpose remains unclear. Microsoft confirmed that the folder is created regardless of whether Internet Information Services (IIS) is installed on the user's device.
Winsage
March 5, 2025
A critical remote code execution vulnerability, designated as CVE-2024-43639, has been identified in Microsoft’s Windows Key Distribution Center (KDC) Proxy. This flaw arises from an integer overflow due to a missing validation check for Kerberos response lengths, allowing unauthenticated remote attackers to execute arbitrary code with the privileges of the target service. The vulnerability specifically affects KDC Proxy servers and was addressed in a November 2024 security update by implementing necessary length validation checks. Organizations using remote authentication services reliant on the KDC Proxy, such as RDP Gateway or DirectAccess, are particularly at risk. Immediate patching is advised, and monitoring for potential exploitation attempts is recommended.
Tech Optimizer
February 13, 2025
The Steam platform experienced a security breach due to a free-to-play game called PirateFi, which was found to be delivering malware to players. The game was available on the Steam store for a week before Valve removed it and banned the developer after discovering it was distributing suspected malware. Approximately 800 users downloaded the game, and some reported compromised Microsoft and Steam passwords, leading to unauthorized access to their game currency. Valve has notified affected users via email, advising them to perform virus scans or format their PCs if necessary. This incident highlights the challenges Steam faces in maintaining security as the platform continues to grow, with over 15,000 new games released last year.
Tech Optimizer
February 3, 2025
Computer viruses and antivirus software have been connected since the early days of the Internet, with McAfee antivirus emerging in 1987. Nearly every computer today uses some form of antivirus software. Paul A. Gagniuc, a professor at the University Politehnica of Bucharest, published a book titled "Antivirus Engines: From Methods to Innovations, Design, and Applications" in October, focusing on malware and antivirus development. Gagniuc began exploring coding and antivirus development in his childhood, creating Scut Antivirus between 2006 and 2008, which was designed to be fast and resource-efficient. The detection process for antivirus software involves cataloging snippets of virus code, with the Aho-Corasick algorithm allowing rapid checks against suspected files. The introduction of Bitcoin in 2009 significantly changed the malware landscape, enabling anonymous operations for hackers. Gagniuc expresses concerns about a decline in technical knowledge among young engineers since 2008, as many focus on high-level programming languages, potentially leading to a de-professionalization in technology. His book aims to address this knowledge gap and contribute to a broader understanding of the field.
Winsage
December 7, 2024
Microsoft is urging users to transition to Windows 11 as the deadline for Windows 10 support approaches, with a key requirement being that PCs must have Trusted Platform Module (TPM) version 2.0 for installation. Many older PCs do not meet this requirement, which will remain unchanged before the end of Windows 10 support in October 2025. As of November 2024, Windows 10 holds 61.8 percent of the Windows market share, while Windows 11 has 34.9 percent. TPM 2.0 enhances security through advanced encryption and key management, and is integrated with features like Secure Boot and Windows Hello for Business. Microsoft recommends organizations evaluate hardware for TPM 2.0 compatibility, plan and budget for necessary upgrades, and update security policies to incorporate TPM 2.0. An extended support program for Windows 10 is available, but it is not indefinite. TPM 2.0 is deemed essential for maintaining a secure IT environment and is part of a broader Zero Trust strategy.