System Information

Winsage
August 19, 2025
Open-source software provides alternatives to proprietary applications for Windows users, enhancing productivity without traditional software licenses.
1. LibreOffice is a free office suite that includes word processing, spreadsheets, and a database component, operates locally, and supports MS Office formats.
2. Flow Launcher is a free file search and application launcher that allows quick access to applications and files through a customizable hotkey.
3. Duplicati is a free backup solution that supports various storage destinations and offers encryption, scheduling, and remote management for data security.
4. Nextcloud is a free, locally hosted file storage and collaboration solution that allows users to control their personal data.
5. Franz is a free application that consolidates multiple messaging platforms into a single interface for easier communication.
6. YAZB (YAZB Reborn) is a free tool that customizes the Windows experience by creating a top bar displaying system information.
7. File Converter is a free application that allows users to convert various file formats through a right-click context menu option.
8. Bitwarden is a free open-source password manager that offers password generation and secure file sharing, with premium features available.
9. AutoHotKey is a free tool for automating tasks through scripting, enabling the creation of hotkeys and macros.
10. Ollama is a free open-source AI application that allows local interaction with AI models, ensuring data privacy.
AppWizard
August 11, 2025
EA's Dice studio has released the first public beta version of Battlefield 6, with the full game set for release on October 10, 2025. The beta will last two weekends: the first open beta runs until August 11, 2025, and the second weekend starts on August 14, 2025, and ends on August 16. Players may need to enable Secure Boot to play, as it enhances security during the PC boot process. Secure Boot is essential for Windows 10 and Windows 11, ensuring that only trusted software loads at startup. Battlefield 6 requires Secure Boot to strengthen the anti-cheat defenses of the EA Javelin Anticheat system. To check whether Secure Boot is enabled, players can open System Information and look at the BIOS Mode and Secure Boot State entries. To enable Secure Boot, players must enter the BIOS, which varies by motherboard brand, typically by pressing a key such as F2, F10, F12, or Delete during startup. Windows 11 users can also enter the BIOS through the Windows Recovery Environment.
AppWizard
August 5, 2025
The Open Beta for Battlefield 6 has begun, requiring players to enable Secure Boot in their BIOS to launch the game. This is the first game to mandate Secure Boot for operation, which may surprise some players. Despite the system using UEFI, Secure Boot was initially disabled on one user's machine, leading to confusion. After troubleshooting, including disabling CSM in the BIOS, the user successfully enabled Secure Boot and launched the game. Battlefield 6 will support AMD FSR 3, Intel XeSS 2.0, and NVIDIA DLSS 4, although the availability of FSR 3.1 and toggles for FSR 4.0 remains uncertain. Users with an RTX 50-series graphics card can use DLSS 4 Multi-Frame Generation.
Winsage
August 4, 2025
Specialists at the Genians Security Center have identified a new version of the RoKRAT malware linked to the North Korean APT37 group. This version uses steganography to hide its code in JPEG images, allowing it to bypass antivirus systems. The infection begins with a ZIP archive containing an oversized malicious .LNK shortcut that misleads users. The malware employs various encrypted components, including shellcode, PowerShell scripts, and batch files. Upon execution, PowerShell decrypts the shellcode using an XOR operation, and the malware injects itself into legitimate Windows processes without leaving traces on disk. The RoKRAT loader is embedded in a JPEG image hosted on Dropbox, and it uses a double XOR transformation to extract the shellcode. The malware is activated through sideloading techniques using legitimate utilities and downloads from cloud platforms. RoKRAT can collect data, take screenshots, and transmit them to external servers. Recent samples have targeted “notepad.exe” for code injection, indicating ongoing development. Endpoint detection and response (EDR) systems are essential for monitoring unusual activity and protecting against these sophisticated attacks, as traditional defenses are inadequate.
Winsage
August 4, 2025
Security researchers at Genians Security Center discovered a new variant of the RoKRAT malware linked to the North Korean APT37 threat group. This malware uses steganography to hide malicious payloads within JPEG files, allowing it to evade traditional antivirus detection. It is typically distributed through malicious shortcut files within ZIP archives, often disguised as legitimate documents. The malware employs a two-stage encrypted shellcode injection method, utilizing PowerShell and batch scripts to execute its payloads in memory. It collects system information, documents, and screenshots, exfiltrating data via compromised cloud APIs. The command and control accounts associated with the malware are linked to Russian email services. Variants of RoKRAT have evolved to include different injection methods and reference specific PDB paths. Indicators of compromise include various MD5 hashes associated with the malware.
Winsage
July 23, 2025
- The Starship prompt enhances the command line experience with a sleek design, customization options, and compatibility across different shells. It requires a Nerd Font for effective operation and can be installed via the Windows Package Manager for PowerShell or various package managers for WSL. Configuration involves adding specific commands to shell profiles and creating a configuration file.
- Fastfetch is a lightweight system information display tool that serves as a modern alternative to Neofetch, supporting both Windows and Linux. Installation can be done through various package managers, and configuration is achieved by generating a config file.
- Windows Terminal on Windows 11 can be customized for a more personalized experience, including theme changes, font adjustments, and transparency. Customizations can be made via the GUI or by editing a JSON configuration file.
- To use Starship and Fastfetch at startup in PowerShell, a PowerShell profile must be created using a specific command, allowing users to add the necessary commands for these tools.
Winsage
July 16, 2025
Microsoft released the KB5062553 update for Windows, which caused boot failures in some Generation 2 Azure Virtual Machines (VMs) with Trusted Launch disabled. In response, Microsoft issued an emergency patch, KB5064489, applicable to Windows 11 and Windows Server 2025, to address these issues. Affected VMs may experience boot failures if Virtualization-Based Security (VBS) is enforced via a registry key. Users are advised to check whether their VMs were created as “Standard” and whether VBS is enabled. The KB5064489 update is not deployed automatically and must be downloaded manually from the Microsoft Update Catalog, with specific installation methods outlined.
Winsage
July 15, 2025
Microsoft released an emergency update to address a bug affecting Azure virtual machines (VMs) that prevented them from launching when the Trusted Launch setting was disabled while Virtualization-Based Security (VBS) was enabled. This issue emerged with the July Patch Tuesday security updates and impacted Windows Server 2025 and Windows 11 24H2, specifically affecting VMs using version 8.0 with VBS provided by the host. The root cause was identified as a secure kernel initialization issue, which has been fixed in the KB5064489 out-of-band update. Administrators are advised to check whether their VMs were created as "Standard" and whether VBS is enabled. If affected, they should install the out-of-band update instead of the July 8 KB5062553 Patch Tuesday update and consider using the Trusted Launch security feature. Microsoft has also updated its Windows Server 2025 VM images to include the latest cumulative update addressing this bug.
AppWizard
July 15, 2025
A new variant of the Konfety malware targets high-end Android devices using sophisticated evasion techniques, including malformed APK files to avoid detection. This version disguises itself as legitimate software, imitating popular apps on the Google Play Store. It employs an 'evil twin' tactic, which underlines the need to download software only from trusted publishers and to avoid third-party APKs. The malware can redirect users to harmful websites, install unwanted software, and generate misleading notifications. It displays ads through the CaramelAds SDK and can exfiltrate sensitive data such as the list of installed applications and network configuration. Konfety can conceal its app icon and name, uses geofencing to alter its behavior based on location, and employs an encrypted DEX file to hide its services. To evade analysis, it manipulates APK files so that they appear encrypted, causing misleading prompts during inspection, and compresses critical files with BZIP, leading to parsing failures. Users are advised to avoid sideloading apps, ensure Google Play Protect is enabled, and consider installing a reputable antivirus to enhance security.