SSH

AppWizard
May 14, 2025
Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting user accounts that have not applied necessary fixes. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application’s developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.
Winsage
May 10, 2025
The author has been using Linux, specifically Ubuntu Server, for over a decade for cloud deployments, game server management, and media streaming. They primarily use a MacBook for daily tasks but also require Windows for gaming on a main PC, utilizing Windows Subsystem for Linux (WSL). The author has configured Windows Terminal to manage multiple command-line shells, including Windows PowerShell, Command Prompt, and WSL, all within a single application. Windows Terminal is pre-installed on Windows 11 version 22H2 or later and can be downloaded from the Microsoft Store for earlier versions. The author's Windows Terminal setup opens a WSL environment by default and includes options for Command Prompt, PowerShell, and Developer Command Prompts. They have customized their experience by removing trailing whitespace when pasting, organizing tab order, hiding the title bar, and using a Dark theme with the Monokai Remastered color scheme and JetBrains Mono font. The WSL configuration is set to access an Ubuntu terminal directly. Windows Terminal allows the author to connect to Proxmox hosts or virtual machines via SSH and supports multiple tabs for managing different systems. It features a "Quake" mode for quick command execution and the ability to create automated tools with keyboard shortcuts. The author plans to explore adding SSH profiles for easier server connections.
AppWizard
April 28, 2025
Android 15 includes a fully functional Linux terminal, allowing users to execute familiar commands, though running GUI applications can be challenging. With Android 16, the terminal receives more space. Users can connect to remote machines via SSH by configuring the SSH config file for easier access. The terminal serves as a platform for learning the Linux command line, executing commands, and accessing manuals. Developers can use it for coding, with Python pre-installed, and can create applications directly on their devices. The terminal also supports the installation of the MariaDB database server for database management. Additionally, users can create hidden files for storing sensitive notes using the Nano editor.
Winsage
April 21, 2025
Linux distributions have evolved to be more accessible for users transitioning from Windows and macOS, with Debian-based distributions being relatively easy to navigate. DietPi is an ultra-lightweight OS that requires manual configuration of essential packages, making it more suitable for experienced users. Tails prioritizes user privacy by using the Tor network and operates from a USB drive, but is not ideal for casual users. Qubes OS enhances security through virtualization but has a steep learning curve and challenges with GPU passthrough. Talos Linux is optimized for Kubernetes projects but may be difficult for newcomers due to its lack of SSH support and immutable design. Bazzite, a gaming-focused distribution based on Fedora, offers a user-friendly setup but may not support multiplayer games with kernel-level anti-cheat technology, making it less suitable for competitive gamers.
AppWizard
April 15, 2025
Android 15 includes a fully functional Linux terminal that allows users to execute various commands typical of Linux environments. While it is robust, installing graphical user interface (GUI) applications can be challenging. The terminal can be used for SSH connections by configuring the SSH config file for easier access to remote machines. It serves as a platform for learning the Linux command line, with options to execute commands and access manual files. Developers can use it for coding, as Python is pre-installed, allowing for immediate programming tasks. Users can also install the MariaDB database server for database management directly from their mobile devices. Additionally, the terminal can be used to securely store notes by creating hidden files with the Nano editor.
Winsage
March 26, 2025
On March 11, the Windows 10 22H2 Patch Tuesday security update, KB5053606, was released to address 15 vulnerabilities, including two critical remote code execution flaws. Users have reported significant issues, with many experiencing installation difficulties and receiving the error code 0x80070020. Those who managed to install the update faced problems such as blue and black screens, random crashes, disappearing app icons, and reverted desktop customizations. Professional users reported issues with program crashes, Citrix functionality, and slow Print Spooler operations. The update includes support for DST changes in Paraguay, updates to Country and Operator Settings profiles, a fix for Desktop Window Manager not responding, a fix for issues with the Open Secure Shell service, and fixes for various Chinese IME-related issues. After installation, systems will report Build 19045.5608. Windows 10 is scheduled to reach its end of life on October 14, 2025.
Winsage
March 24, 2025
Cloudflare has launched a clientless, browser-based Remote Desktop Protocol (RDP) solution that enhances its Zero Trust Network Access (ZTNA) capabilities for secure access to Windows servers. This solution eliminates the need for traditional RDP clients and utilizes IronRDP, a high-performance RDP client developed in Rust, which operates within the browser. The implementation secures RDP sessions using TLS-based WebSocket connections and integrates with Cloudflare Access for authentication through JSON Web Tokens (JWT). The system supports modern security standards, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and device posture checks. Cloudflare plans to add session monitoring, data loss prevention features, and pursue FedRAMP High certification for compliance with government standards.