security risk

Winsage
March 28, 2025
A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.
Winsage
March 3, 2025
Threat actors are exploiting CVE-2025-21333, a critical heap-based buffer overflow vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP), which allows local attackers to escalate privileges to the SYSTEM level. The vulnerability has a CVSS score of 7.8 and is actively exploited. It resides in the vkrnlintvsp.sys driver, which facilitates communication between the host OS and container-like virtual machines. A Proof of Concept (PoC) demonstrates exploitation through I/O ring buffer manipulation, allowing arbitrary read/write in kernel memory and SYSTEM-level privilege escalation. The PoC was developed by a group of researchers including @yarden_shafir and others. Affected systems include Windows 11 Version 23H2 and potentially Version 24H2, with specific binary hashes provided. Limitations of the PoC include the need for Windows Sandbox and potential system crashes due to overflow. Mitigation strategies involve updating systems, enabling protections like Hyper-V isolation, and monitoring for exploitation signs. Microsoft addressed this vulnerability in January 2025 Patch Tuesday updates, urging users to apply patches promptly.
Winsage
December 5, 2024
Microsoft is pushing users to transition to Windows 11, particularly those with unsupported hardware, as PCs lacking a TPM 2.0 chip will not be eligible for the operating system. A watermark will be introduced on PCs that do not meet the minimum system requirements, along with a notification in the Settings app informing users of their non-compliance. The message warns that installing Windows 11 on unsupported PCs is not recommended, may lead to compatibility issues, and will result in the loss of support and updates. Windows 10 support ends in October next year, increasing the urgency to upgrade. The hardware requirements, especially the need for a TPM 2.0 chip, have left many older PCs ineligible. While users can purchase a TPM 2.0 module for compatible motherboards, this option is unavailable for laptops. Unsupported PCs may face security risks due to a lack of updates, prompting antivirus companies to find ways to protect these systems. Microsoft's strict hardware criteria may alienate users, as many capable PCs are deemed obsolete.
AppWizard
November 24, 2024
Security is a major concern for the Google Play Store, which has 2.5 billion users and 2.25 million apps. Investigations have revealed modifications in the code of version 43.7.19-31 of the Google Play Store app, suggesting a new filtering mechanism that may allow users to exclude apps linking to external sources from search results and recommendations. The specifics of this filtering mechanism are unclear, with no supporting documentation available. There is speculation that this feature could enhance security by preventing malicious entities from redirecting users to external sources through apps. However, it remains uncertain why Google would implement this as an optional filter rather than a mandatory requirement.
Winsage
October 28, 2024
Tenable has identified a vulnerability, tracked as CVE-2024-8260, affecting all versions of Open Policy Agent (OPA) for Windows prior to version 0.68.0. This medium-severity Server Message Block (SMB) force-authentication vulnerability arises from improper input validation, allowing an arbitrary SMB share to be passed instead of a legitimate Rego file. This can lead to unauthorized access and the leakage of a user's Net-NTLMv2 hash, posing a significant security threat. Organizations using older versions of OPA on Windows are advised to update to version 0.68.0 to mitigate this risk.
Tech Optimizer
October 18, 2024
Safeguarding devices against cyber threats is essential due to the sensitive personal and financial information they contain. Key security measures include regular software updates, robust antivirus solutions, and protective strategies for mobile devices. To update software and operating systems, users can enable automatic updates in Windows by navigating to Settings > Update & Security > Windows Update and turning on “Automatic Updates.” For macOS, users can go to System Preferences > Software Update and check the box for “Automatically keep my Mac up to date.” Manual checks for updates can be done in both systems through their respective update settings. Antivirus software targets traditional viruses, while anti-malware addresses a wider range of threats. When choosing security software, consider detection rates, system impact, and user interface. Regular scans can be scheduled through the antivirus software's dashboard, and both automatic updates and manual checks should be performed to ensure the latest virus definitions are used. For mobile device security, setting up screen locks is crucial. Android users can set this up in Settings > Security, while iOS users can do so in Settings > Face ID & Passcode or Touch ID & Passcode. Managing app permissions and keeping apps updated are also important for privacy and security. Users should regularly review app permissions and enable automatic updates in their app store settings. To protect against lost or stolen devices, users should activate the “Find My Device/App” feature available on both Android and iOS platforms, allowing them to track, lock, or erase their device remotely.
AppWizard
October 7, 2024
Kaspersky's official Android app was removed from the Google Play Store, and its developer accounts were disabled, following sanctions imposed by the US government. Kaspersky is investigating the unavailability of its software and has provided alternative download options through other app stores and its official website. The US government has raised concerns about Kaspersky's software potentially being exploited by the Russian government, leading to a ban on the sale of its products effective July 20, 2024. Kaspersky was placed on the US Entity List, and updates to its software were halted as of September 29. The company is offering free security products and safety tips for six months to mitigate customer impact. In September 2024, US customers reported that their antivirus software was replaced with a new solution named UltraAV.
Winsage
September 28, 2024
The Indian government issued a security alert on September 26 regarding vulnerabilities in Google Chrome, as announced by the Indian Computer Emergency Response Team (CERT-In). Users on Windows, macOS, and Linux are at risk, particularly those using versions prior to 129.0.6668.70/.71 for Windows and Mac, and prior to 129.0.6668.70 for Linux. The vulnerabilities could allow remote attackers to execute arbitrary code and crash the application, stemming from issues such as Type Confusion in V8, Use after Free in Dawn, Integer Overflow in Skia, and inappropriate implementation in V8. Users are advised to update their browsers to the latest version to mitigate these risks.
AppWizard
August 16, 2024
A security vulnerability has been discovered in Pixel devices, stemming from a pre-installed Android application called "Showcase.apk," which has been present since 2017. This app, developed by Smith Micro for Verizon, was designed for demo mode in retail but has extensive system privileges that allow it to execute remote code and install software without user consent. Although disabled by default, it can be activated through an attack, creating a potential backdoor. The app retrieves configuration files via an unencrypted HTTP connection, posing further risks. Google has been informed of the vulnerability but has not yet issued a patch, although they plan to remove the app from supported Pixel devices. Palantir has decided to stop using Android devices due to this vulnerability and Google's slow response. Google claims there is no evidence of active exploitation and that the issue does not affect the Pixel 9 series.