security concerns Archives

Winsage

June 18, 2025

It’s time to update Asus Armoury Crate, folks—the latest vulnerability could allow hackers to compromise your Windows OS

A newly discovered vulnerability in Asus Armoury Crate, identified as CVE-2025-3464, has a severity rating of 8.4 out of 10 and allows hackers to gain low-level privileges on Windows systems. The affected versions of Armoury Crate range from V5.9.9.0 to V6.1.18.0. Researcher Marcin "Icewall" Noga from Cisco Talos highlighted this issue, prompting Asus to issue a product security advisory. Users are advised to verify their version of Armoury Crate and update to the latest version if necessary. No incidents of this exploit being actively used have been reported thus far. This is the second vulnerability found in an Asus utility within two months, following a separate issue with DriverHub reported in May.

Winsage

June 12, 2025

UEFI BIOS flaws: SecureBoot bypass and firmware replacement possible

Recent findings have identified two vulnerabilities in various UEFI BIOS versions from multiple manufacturers, compromising the SecureBoot mechanism. These vulnerabilities allow attackers to bypass SecureBoot protections and replace firmware, particularly in Insyde BIOSes. The issues stem from unprotected NVRAM variables, specifically the "IhisiParamBuffer," which can be manipulated to execute unsigned UEFI binaries. Affected UEFI applications include "DTBios" and "BiosFlashShell" from DTResearch, with a CVSS score of 8.2. Microsoft has added 14 new hashes to its DBX database to mitigate these risks. Additionally, a vulnerability in the Insyde H2O UEFI firmware app allows attackers to infiltrate digital certificates due to the insecure handling of the "SecureFlashCertData" variable, which is incorrectly treated as trusted memory. This flaw, known as "Hydroph0bia," has a CVSS score of 7.8 and enables unauthorized execution of firmware certified with manipulated certificates. Manufacturers are urged to provide firmware updates to address these vulnerabilities, as inconsistent support for locking UEFI variables raises security concerns.

Winsage

June 11, 2025

Is Microsoft really axing Windows 10? Here’s what you need to know

Windows 10 PCs are displaying more notifications about transitioning to Windows 11, which include security advisories for users staying on Windows 10. Microsoft emphasizes the importance of upgrading due to increasing cyber threats and potential vulnerabilities in Windows 10. Windows 11 offers enhanced security features, a streamlined interface, and improved performance. As Windows 10 nears the end of its support lifecycle, users may face greater risks without regular updates.

Winsage

May 30, 2025

Microsoft Brings Post-Quantum Security To Windows 11 And Linux

Microsoft is incorporating post-quantum cryptography (PQC) into Windows 11 and Linux platforms to enhance its security framework against potential threats from quantum computing. PQC functionalities are now available to Windows Insiders via the Canary Channel Build 27852 and on Linux through SymCrypt-OpenSSL version 1.9.0, allowing customers to test quantum-resistant encryption. Microsoft is enhancing its core cryptographic library, SymCrypt, with new PQC algorithms designed to withstand future quantum decryption capabilities. The company emphasizes the importance of "crypto agility," enabling systems to adapt to new algorithms as they develop. This initiative is part of Microsoft's ongoing commitment to global quantum-safe initiatives and aims to foster innovation and preparedness within the cybersecurity community.

AppWizard

May 30, 2025

Vietnam to block messaging app Telegram over ‘anti-state’ contents

The Vietnamese government has instructed telecommunications companies to block the Telegram messaging app, citing security concerns and the dissemination of "anti-state" content. This directive was issued by the Telecommunications Department and requires service providers to report compliance by June 2. A document from the Ministry of Public Security indicated that 68% of approximately 9,600 Telegram channels and groups in Vietnam were classified as “bad and toxic,” involved in activities such as anti-state messaging, fraud, and drug trafficking. The government referenced Article 9 of the Telecommunications Law and Decree 147 to justify the ban, claiming Telegram had not complied with regulations. Despite the ban, Telegram remained accessible in Vietnam as of the report date. Telegram expressed surprise at the government's actions and confirmed it is responding to legal requests from Vietnam.

AppWizard

May 29, 2025

Vietnam orders ban on Telegram messaging app over security concerns

Vietnam's telecommunications providers have been instructed to block access to Telegram due to national security concerns and alleged non-compliance with local laws. The Ministry of Information and Communications claims that 70% of Telegram channels in Vietnam are linked to illicit activities, including fraud and drug trafficking. Officials allege that Telegram has failed to remove illegal content and provide user data for investigations. A spokesperson for Telegram stated that the company had responded to legal requests from Vietnam. Vietnam has a history of enforcing strict online content controls, previously threatening to block Facebook and discussing a ban on TikTok. Pavel Durov, the founder of Telegram, was arrested in France earlier this year over allegations related to cybercrime and expressed his commitment to improving the platform's security in light of its rapid user growth to 950 million.

Winsage

May 22, 2025

Signal will block Microsoft Recall from snooping on your texts

Encrypted messaging platform Signal is enhancing its Windows application with a feature called Screen Security, which prevents screenshots of messages while the app is in use. The application is flagged as protected by Digital Rights Management (DRM), ensuring that DRM content cannot be recorded in screenshots on Windows devices. Screen Security is activated by default but can be disabled by users if needed. Signal hopes that AI developers will consider the implications of their innovations more thoughtfully. The Recall feature in Windows 11, which allows users to record everything displayed on their screens, has faced privacy and security concerns, and skepticism remains about its readiness for widespread adoption.

AppWizard

May 16, 2025

Android users lose key Nextcloud feature because Google said so, and the reason doesn’t add up

Google has restricted file upload capabilities for the Nextcloud Files Android app by revoking the "All files access" permission, which has been essential for the app since 2011. This change prevents Android users from uploading various file types to their Nextcloud accounts. Nextcloud has expressed frustration over this decision, suggesting it is a strategic move by Google to maintain dominance in the cloud storage market and favor its own applications. The alternatives proposed by Google, such as the MediaStore API or Storage Access Framework (SAF), do not meet Nextcloud's functionality needs. Nextcloud draws parallels to past corporate tactics that limited competition and highlights ongoing concerns regarding fair competition and regulatory responses.

Winsage

May 15, 2025

Windows 10 is dying, hardware is pricey, and Citrix says VDI will save you

Citrix is promoting its virtualization platforms to address rising hardware costs and upcoming U.S. tariffs effective April 2025. Vice President Philipp Benkler suggested that organizations could extend the lifespan of existing hardware by using eLux, an operating system acquired from Unicon. As businesses face the end-of-life for Windows 10 and the transition to Windows 11, Citrix advocates for deploying centrally managed remote desktops from existing endpoints through its virtual desktop infrastructure (VDI) platform. However, VDI implementation can face challenges such as "boot storms," which may lead to performance issues. Citrix recommends its NetScaler platform to manage these challenges without requiring additional hardware. While Citrix's approach aims to mitigate tariff-related costs, the company has increased its licensing prices, necessitating careful evaluation by organizations considering VDI. Security concerns also arise with NetScaler, as it is often targeted by cybercriminals, potentially introducing vulnerabilities. The effectiveness of Citrix's solution depends on each organization's IT landscape, budget, and ability to manage technical complexities.

Winsage

May 14, 2025

Microsoft’s upcoming OneDrive update bypasses security protocols between business and personal files

Microsoft is integrating its products into the user experience, with OneDrive being a prominent example. The upcoming June update will introduce a feature called "Prompt to Add Personal Account to OneDrive Sync," which encourages users on business devices to sync files with personal accounts, potentially compromising security by exposing sensitive business data. Many users are unaware they are using OneDrive, leading to confusion and frustration, especially among older individuals. To address concerns about the update, users can consult their IT department to implement policies that disable the synchronization prompt or personal sync altogether.