security protocols

Winsage
August 17, 2025
Microsoft has introduced several key features in its latest update, including enhanced security protocols to protect sensitive data, a streamlined user interface for smoother navigation, and the integration of AI tools to improve productivity and creativity. The company emphasizes community engagement by inviting user feedback to align updates with their needs.
AppWizard
August 14, 2025
A new wave of Android malware is targeting banking applications, utilizing techniques such as NFC relay fraud, call hijacking, and root-level exploits. Variants like PhantomCard, SpyBanker, and KernelSU are designed to infiltrate devices and manipulate transactions in real time. PhantomCard mimics legitimate NFC payment processes, SpyBanker hijacks calls from financial institutions, and KernelSU exploits kernel vulnerabilities for persistent access. This malware has affected thousands of devices, with attackers using disguises on the Google Play Store and phishing campaigns. A related variant, Anatsa, impacted over 90,000 users through fake PDF applications. The rise of such malware correlates with the increasing adoption of contactless payments, particularly in Europe and Asia. Experts recommend that banks enhance their defenses with behavioral analytics and that users enable app verification. Additionally, malware like KernelSU allows evasion of detection by operating at the system's core. Cybersecurity firms suggest a multi-layered security approach, including device encryption and AI-driven threat detection, to combat these evolving threats.
AppWizard
August 9, 2025
The Battlefield 6 open beta has seen reports of cheaters using wall hacks, despite EA's implementation of the Javelin anti-cheat system. EA's anti-cheat team has noted that Secure Boot is not a definitive solution and requires ongoing data to adapt to new cheating methods. Players need relatively new gaming rigs to participate, and those on Linux systems are excluded. The presence of cheaters on the first day raises concerns about the effectiveness of anti-cheat measures ahead of the beta's wider release on August 9. The community hopes that the influx of players will not lead to increased cheating, aiming for a balanced gaming experience.
Tech Optimizer
August 8, 2025
A cyberattack on a Brazilian enterprise involved the use of legitimate, digitally signed drivers to disable antivirus solutions and deploy MedusaLocker ransomware. The attackers executed a Bring Your Own Vulnerable Driver (BYOVD) attack by exploiting the ThrottleStop.sys driver, which has a critical vulnerability (CVE-2025-7771) allowing unauthorized memory access. They compromised an SMTP server using valid RDP credentials, extracted user credentials with Mimikatz, and moved laterally across the network. The attackers uploaded and executed an AV killer program and a renamed version of the driver, terminating antivirus processes to facilitate ransomware deployment. The malware targeted major antivirus vendors and employed kernel-level commands to eliminate security processes. Recommendations for defense include multi-factor authentication, hardening RDP access, and implementing layered security measures.
Winsage
August 5, 2025
Cybercriminals are using a sophisticated attack method involving a remote access trojan called RoKRAT, which is embedded within standard JPEG image files. This technique, a variant of steganography, allows the malware to evade detection by conventional security systems. The attack is linked to an advanced persistent threat group known as APT37. The process involves embedding a malicious module within a JPEG file, which, when opened, triggers the malware to inject its code into the MS Paint application. Researchers found that the RoKRAT module is often concealed in images downloaded from cloud storage services, complicating detection efforts. Authorities are warning users to exercise caution with files from unverified sources and to keep their security systems updated.
Tech Optimizer
July 30, 2025
A new malware strain called JSCEAL has emerged, targeting cryptocurrency users by exploiting online advertising. Active since early 2025, it masquerades as legitimate trading applications and uses deceptive ads on platforms like Facebook to lure victims. The malware impersonates well-known exchanges such as Coinbase, Binance, and OKX, tricking users into downloading counterfeit apps that harvest sensitive information like credentials and wallet data. Over 35,000 malicious ads were tracked in 2025, affecting thousands of users. JSCEAL employs malvertising tactics, redirects users to counterfeit websites, and uses JavaScript-based payloads to exploit browser vulnerabilities. Its polymorphic code allows it to evade detection, and it can take remote control of devices using Android Accessibility permissions. Cryptocurrency exchanges are responding by enhancing security measures and advising users to verify app sources, implement multi-factor authentication, and use ad blockers. Users are encouraged to enable browser extensions that flag suspicious sites and to download applications only from official stores.
AppWizard
July 28, 2025
The European Union is enhancing its age verification system for social media by incorporating an Android app integrity check to ensure users are 18 or older before accessing adult content. This involves a white-label application to authenticate the legitimacy of the age verification app, which must be licensed by Google and downloaded from the Google Play Store. Users of custom ROMs may face restrictions, as the integrity check will not allow sideloaded or self-compiled applications. The age verification framework is still in planning, but the EU assures that user data will remain private and not monitored after verification.
Winsage
July 28, 2025
Windows Recall is a feature from Microsoft that has faced criticism for being a potential security hazard and a public relations misstep. It was introduced with the 24H2 release, which included advanced AI functionalities. The feature relies on a neural processing unit (NPU) that operates independently of the cloud to emphasize privacy and security. In April 2025, Windows Recall became widely available for Copilot+ PCs, with security measures like isolating it within a "VBS Enclave" to protect sensitive data. However, skepticism remains, leading platforms like Signal and Brave to implement their own protective measures against Windows Recall. Signal has introduced a feature to prevent Windows Recall from capturing snapshots of its app, while Brave blocks Windows Recall by default for all its browser windows. AdGuard has also released an update to enhance user privacy by allowing users to disable Windows Recall on Copilot+ PCs, expressing doubts about the effectiveness of Microsoft's security measures.
Tech Optimizer
July 18, 2025
pg_stat_statements is a PostgreSQL extension for monitoring query statistics, tracking execution counts, execution times, and row returns. It uses a hash table to store metrics for each query, identified by a key generated from four parameters: queryid, User OID, Database OID, and a toplevel flag. The extension can become a performance hindrance in high contention environments due to locking operations on the hash table. When numerous unique queries are executed, contention for the hash table can lead to significant performance drops. For example, with pg_stat_statements enabled, a system with 48 CPUs showed a TPS drop from 237,437 to 32,112 when executing unique queries. In contrast, with a high volume of similar queries on a 192 CPU machine, enabling pg_stat_statements resulted in a TPS of 484,338 compared to 1,015,425 with it disabled. Query sampling is introduced as a method to mitigate performance issues by recording metrics for only a fraction of executed queries. The pg_stat_statements.sample_rate parameter allows configuration of the proportion of queries tracked. However, sampling can lead to incomplete data and potential security risks if sensitive information is recorded in non-normalized form. Benchmark tests with varying sample_rate values showed that as the sample_rate decreased, TPS increased, and SpinDelay diminished. At a sample_rate of 1.0, TPS was lowest, while at 0.25 and below, SpinDelay effectively disappeared, indicating that sampling can significantly enhance performance under high contention conditions.