Security

Winsage
April 3, 2025
Microsoft has introduced hotpatch updates for Windows 11 Enterprise version 24H2, allowing compatible business devices to install OS security patches without requiring a restart. This feature minimizes downtime and user disruption while maintaining security. Hotpatch updates take effect immediately and provide the same level of security as traditional Patch Tuesday releases. Companies must establish a hotpatch-enabled quality update policy through Microsoft Intune to implement this feature. Devices will still require a reboot for security updates installed quarterly, but updates can occur without a restart during the other months. Arm64 devices are currently in public preview, with general availability for hotpatching set for April 2, 2025.
AppWizard
April 3, 2025
Consumer-grade phone surveillance applications are becoming more sophisticated and difficult to remove. A recent investigation revealed an Android monitoring app that requires a password for uninstallation, trapping users who want to remove it. This spyware uses an Android feature to overlay content, displaying a password prompt when users attempt to uninstall it. The password is set by the person who installed the app, complicating removal. A workaround involves rebooting the device into "safe mode," which temporarily disables third-party apps, allowing users to uninstall the spyware without encountering the password prompt. These spyware applications are often marketed as parental control or employee tracking tools but can be classified as "stalkerware," with some promoting surveillance of partners without consent, which is illegal. Spyware is typically downloaded from unofficial sources and installed by individuals with physical access to the target device. It may hide its icon and continuously upload sensitive data to a web dashboard accessible by the abuser. Identifying such spyware can be difficult, as it may appear as a benign app in Android settings. To identify and remove Android password-enabled spyware, users should have a safety plan before proceeding. A general guide for spyware removal suggests checking for unfamiliar device admin apps, as these may indicate spyware presence. Users can enter safe mode by holding the power button, selecting "power off," and confirming the reboot into safe mode. In safe mode, users can check for and deactivate any suspicious device admin apps, then uninstall the spyware from the apps section in settings. After removal, users should secure their devices with a complex passcode and protect online accounts linked to the device. Staying vigilant about digital security is essential to reduce the risk of invasive technologies. Resources are available for those who suspect their phone has been compromised by spyware.
Winsage
April 3, 2025
God Mode in Windows grants access to over 200 settings and functionalities, many of which are typically hidden. Users can pin the God Mode folder to the Start menu or Quick Access in File Explorer for easy access. Key features include:
- BitLocker: A disk encryption tool that protects data on drives using AES encryption, accessible via password, PIN, or Windows Hello.
- Network Management: Simplifies access to network settings for connecting, checking status, and troubleshooting connectivity issues.
- Power Management: Allows quick adjustments to power plans, battery settings, and actions for closing the laptop lid or pressing power buttons.
- Accessibility: Offers extensive settings for users with disabilities, including tools like Narrator and Magnifier.
- File Type Options: Enables users to manage file type associations and visibility of files and folders.
- Windows Tools: Centralizes access to built-in maintenance tools like Disk Cleanup and Task Scheduler.
God Mode enhances the user experience by providing a more efficient way to navigate system features compared to the traditional Control Panel.
BetaBeacon
April 3, 2025
Google's decision to introduce gaming capabilities in cars through Android Auto has faced criticism from experts who fear it may lead to distractions on the road and make vehicles vulnerable to cyber attacks. Akash Mahajan, CEO of Kloudle, highlighted the increased security risks associated with adding gaming features to cars.
AppWizard
April 3, 2025
Wedbush analyst Dan Ives reported that Tesla delivered 336,681 vehicles in Q1 2025, falling short of Wall Street's forecast of 352,000 and whisper estimates around 350,000. Tesla attributed part of this underperformance to several weeks of production loss while ramping up the new Model Y. Ives described the performance as “a disaster on every metric” and emphasized that it represents a pivotal moment for CEO Elon Musk, who has been increasingly involved in U.S. government affairs, potentially affecting the brand negatively. Following the delivery report, Tesla's stock initially dropped over 5 percent but rebounded by 8 percent, currently trading up over 5 percent at 3.01. This recovery was linked to reports of Musk potentially stepping back from his role in the Department of Government Efficiency (DOGE). Ives expressed optimism about Tesla's future advancements in robotaxi technology and Full Self-Driving capabilities but cautioned that Musk needs to balance his responsibilities with DOGE and leading Tesla to avoid further crises.
AppWizard
April 3, 2025
Microsoft's Phone Link app can now mirror sensitive notifications from Android devices to Windows PCs after the Android 15 update had initially restricted this capability. The Android 15 update classified two-factor authentication codes as sensitive, blocking their visibility to most notification listeners, including Phone Link. To access sensitive notifications, Phone Link must be preinstalled on the device and granted the RECEIVE_SENSITIVE_NOTIFICATIONS permission. Users with devices that have Link to Windows preinstalled, like the Xiaomi 15 Ultra and Samsung Galaxy S25 Ultra, can grant permission to restore full functionality. For devices without the preinstalled app, workarounds include disabling Android System Intelligence notification processing or manually granting permissions.
Tech Optimizer
April 2, 2025
Amazon RDS Proxy now supports TLS 1.3 for connections to Amazon Aurora PostgreSQL and RDS for PostgreSQL database instances, enhancing security with stronger cryptographic algorithms and a streamlined handshake process. The Proxy automatically negotiates the highest security level during connection setup and can be configured to enforce TLS 1.3 exclusively. TLS 1.3 support is also available for RDS Proxy for MySQL engines. RDS Proxy is a fully managed database proxy that improves performance, reliability, scalability, and security for RDS and Amazon Aurora databases.
Tech Optimizer
April 2, 2025
A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.