security challenges

Winsage
March 5, 2025
A critical remote code execution vulnerability, designated as CVE-2024-43639, has been identified in Microsoft’s Windows Key Distribution Center (KDC) Proxy. This flaw arises from an integer overflow due to a missing validation check for Kerberos response lengths, allowing unauthenticated remote attackers to execute arbitrary code with the privileges of the target service. The vulnerability specifically affects KDC Proxy servers and was addressed in a November 2024 security update by implementing necessary length validation checks. Organizations using remote authentication services reliant on the KDC Proxy, such as RDP Gateway or DirectAccess, are particularly at risk. Immediate patching is advised, and monitoring for potential exploitation attempts is recommended.
Tech Optimizer
February 13, 2025
The Steam platform experienced a security breach due to a free-to-play game called PirateFi, which was found to be delivering malware to players. The game was available on the Steam store for a week before Valve removed it and banned the developer after discovering it was distributing suspected malware. Approximately 800 users downloaded the game, and some reported compromised Microsoft and Steam passwords, leading to unauthorized access to their game currency. Valve has notified affected users via email, advising them to perform virus scans or format their PCs if necessary. This incident highlights the challenges Steam faces in maintaining security as the platform continues to grow, with over 15,000 new games released last year.
Tech Optimizer
February 3, 2025
Computer viruses and antivirus software have been connected since the early days of the Internet, with McAfee antivirus emerging in 1987. Nearly every computer today uses some form of antivirus software. Paul A. Gagniuc, a professor at the University Politehnica of Bucharest, published a book titled "Antivirus Engines: From Methods to Innovations, Design, and Applications" in October, focusing on malware and antivirus development. Gagniuc began exploring coding and antivirus development in his childhood, creating Scut Antivirus between 2006 and 2008, which was designed to be fast and resource-efficient. The detection process for antivirus software involves cataloging snippets of virus code, with the Aho-Corasick algorithm allowing rapid checks against suspected files. The introduction of Bitcoin in 2009 significantly changed the malware landscape, enabling anonymous operations for hackers. Gagniuc expresses concerns about a decline in technical knowledge among young engineers since 2008, as many focus on high-level programming languages, potentially leading to a de-professionalization in technology. His book aims to address this knowledge gap and contribute to a broader understanding of the field.
Winsage
December 7, 2024
Microsoft is urging users to transition to Windows 11 as the deadline for Windows 10 support approaches, with a key requirement being that PCs must have Trusted Platform Module (TPM) version 2.0 for installation. Many older PCs do not meet this requirement, which will remain unchanged before the end of Windows 10 support in October 2025. As of November 2024, Windows 10 holds 61.8 percent of the Windows market share, while Windows 11 has 34.9 percent. TPM 2.0 enhances security through advanced encryption and key management, and is integrated with features like Secure Boot and Windows Hello for Business. Microsoft recommends organizations evaluate hardware for TPM 2.0 compatibility, plan and budget for necessary upgrades, and update security policies to incorporate TPM 2.0. An extended support program for Windows 10 is available, but it is not indefinite. TPM 2.0 is deemed essential for maintaining a secure IT environment and is part of a broader Zero Trust strategy.
Tech Optimizer
December 5, 2024
Researchers at ANY.RUN have identified a zero-day attack campaign operational since at least August 2024, which employs corrupted files to bypass security measures. Attackers use corrupted files, often disguised as ZIP archives or DOCX documents, to exploit vulnerabilities in file-handling processes, allowing them to evade antivirus software, sandbox environments, and email spam filters. These files execute malicious code when opened, despite their damaged appearance. Conventional antivirus solutions struggle to scan these files effectively, static analysis tools fail to process them, and advanced email filters cannot intercept them. ANY.RUN’s interactive sandbox can dynamically analyze these corrupted files in real-time, identifying malicious activity that traditional security tools miss. The attack process involves delivering a corrupted file via email, leading to detection failure by security tools, execution through built-in recovery mechanisms in applications, and identification of malicious behavior by the sandbox. This highlights the need for advanced threat detection techniques to maintain robust cybersecurity.
Winsage
December 5, 2024
Users of Windows 10 face a decision as official support ends next year: continue with an unsupported version or upgrade to Windows 11. A major barrier to upgrading is the requirement for TPM 2.0, which many existing Windows 10 machines do not have. Microsoft has reiterated the necessity of TPM 2.0 for a secure Windows 11 experience. Steven Hosking from Microsoft emphasizes that TPM 2.0 offers advanced encryption techniques and enhances security by ensuring only verified software is executed. He encourages migration to Windows 11 to mitigate risks associated with unpatched software and to maintain user trust. Users are advised to plan and budget for upgrading hardware to meet the TPM 2.0 requirement, considering the long-term benefits of enhanced security and compliance.
Winsage
December 5, 2024
Microsoft requires TPM 2.0 support as a non-negotiable prerequisite for upgrading from Windows 10 to Windows 11 to enhance security. TPM 2.0 is a specialized processor that provides hardware-based security functions, such as storing sensitive information securely. As of October 2023, over 61% of Windows systems globally still run Windows 10, while less than 35% have upgraded to Windows 11 since its launch in October 2021. Microsoft will offer an Extended Security Updates (ESU) program for home users to postpone their upgrade to Windows 11 for an additional year, with enrollment opening closer to the end of support for Windows 10 on October 14, 2025. Specialized versions of Windows, like LTSB and LTSC, will continue to receive updates beyond this date. Windows 11 24H2 has begun rolling out to eligible devices running Windows 11, versions 22H2 and 23H2.
Winsage
December 2, 2024
A significant security vulnerability has been identified in Windows Server 2012 and Server 2012 R2, allowing attackers to bypass security measures enforced by the Mark of the Web (MotW) feature. This zero-day flaw has existed for over two years and affects certain file types, posing a risk even to fully updated systems and those with Extended Security Updates. The vulnerability was discovered by 0patch security researchers and reported to Microsoft, which has developed free micropatches to mitigate the issue until an official fix is released. The affected systems include Windows Server 2012 and 2012 R2, both updated to October 2023, and those with Extended Security Updates. Free micropatches are available for immediate protection on systems with the 0patch Agent. Security experts recommend applying the micropatches, monitoring for official updates from Microsoft, considering upgrades to supported server versions, and implementing additional security measures.
AppWizard
November 27, 2024
Liad Shnell, the Chief Technology Officer at Rakuten Viber, discussed key factors organizations should consider when selecting secure messaging applications. Important features include end-to-end encryption, global accessibility, integration capabilities, AI-driven extensibility, and privacy standards like SOC 2 Type 2 and GDPR compliance. To mitigate phishing and malware risks, users should exercise caution with links and verify sender identities. Leading platforms like Viber implement security measures, such as filtering messages from unknown senders and using algorithms to block suspicious activities. The SANS 2024 Security Awareness Report indicates that 89% of respondents view social engineering attacks as a primary concern, emphasizing the need for security awareness programs, clear communication policies, and AI-driven detection tools. Balancing usability and security is essential, with a focus on user experience through AI-driven automation and zero trust principles. Emerging trends include post-quantum cryptography and enhanced AI detection capabilities to maintain authenticity in conversations as technology evolves.
Tech Optimizer
November 20, 2024
Microsoft is enhancing its Edge browser to protect users from scareware, which includes alarming pop-up windows that mislead users into downloading fraudulent antivirus software. This feature will use machine learning to detect scareware attempts and quarantine potential threats, initially targeting organizations before expanding to individual consumers. The scareware blocker is set to enter public preview in the coming months, although a timeline for widespread availability is uncertain. Other tech companies, like Google, are also improving online safety measures, such as introducing disposable email addresses in Gmail to enhance user privacy.