telecommunications

AppWizard
March 25, 2025
In a recent incident, The Atlantic's editor-in-chief was included in a Signal chat among senior Trump administration officials discussing military actions in Yemen. Signal was chosen for its robust security features, including end-to-end encryption that prevents interception by intermediaries. Signal operates as an independent non-profit, unlike WhatsApp, which is owned by Meta. Its popularity is growing in political circles, with recommendations from both the European Commission and Parliament for secure communications. The guidelines noted an increase in threats to telecommunications infrastructure and recommended Signal when corporate tools are unavailable. A recent leak of U.S. national defense plans was due to human error, not flaws in Signal's encryption.
AppWizard
March 25, 2025
End-to-end encrypted messaging app Signal is recognized for its security features, but government officials are advised against using it to discuss national security. A breach occurred when members of former President Donald Trump's national security team mistakenly included a journalist in a group chat sharing sensitive military information. Cybersecurity experts express concerns about the potential legal implications of using apps like Signal for classified communications, as it could violate the Espionage Act. High-ranking officials were involved in this incident, which exposed sensitive details, including air-strike targets and the identity of a CIA officer. Typically, government officials use Secure Compartmentalized Information Facilities (SCIFs) for classified information, and there are specific government-approved systems for transmitting such information that do not include Signal.
Winsage
March 20, 2025
Almost a dozen state-sponsored threat groups from nations including China, Russia, Iran, and North Korea are exploiting a security vulnerability in Microsoft Windows, identified as ZDI-CAN-25373, to conduct espionage and gather sensitive information. This vulnerability affects how Windows handles .lnk files, allowing attackers to execute hidden malicious commands. Since 2017, these groups have targeted government, military, and critical infrastructure organizations globally, with 11 state-sponsored groups identified, primarily focusing on espionage (70%) and financial motives (20%). North Korea accounts for 45.5% of the exploitation, with Iran and Russia at 18.2% each, and China at 18.1%. The United States has experienced the most attacks (343 incidents), followed by Canada (39), Russia (25), and South Korea (23). Despite being notified, Microsoft does not plan to issue a patch for this vulnerability, categorizing it as "low severity."
Winsage
March 19, 2025
Microsoft has identified a spoofing vulnerability in Windows File Explorer, designated as CVE-2025-24071, with a CVSS score of 7.5. This vulnerability affects various versions of Windows, including Windows 10 (multiple versions), Windows 11 (multiple versions), and Windows Server (multiple versions). Unauthenticated attackers can exploit this vulnerability by crafting RAR/ZIP files containing a malicious SMB path, potentially exposing the user's NTLM hash. Microsoft has released a security patch for supported product versions, and affected users are advised to install it promptly. Users can check their system's vulnerability status by verifying their version and patch information through specific commands.
Winsage
March 12, 2025
Recent assessments have identified critical vulnerabilities in VMware's virtualization products that allow attackers to escape the VM sandbox and execute arbitrary code at the hypervisor level, targeting the ESXi host. This can compromise the hypervisor and grant attackers control over all virtual machines on the server, threatening the entire VMware vSphere infrastructure. These vulnerabilities are particularly concerning as they are targeted by ransomware operators and advanced persistent threat groups, with tens of thousands of systems worldwide affected across various sectors, including finance, healthcare, government, critical infrastructure, and telecommunications. Cybersecurity experts recommend that organizations using affected VMware products urgently deploy patches, assess their virtualization infrastructure for signs of compromise, and enhance monitoring systems to detect suspicious activity.
Winsage
March 10, 2025
Cisco Talos has reported a series of cyberattacks exploiting a critical vulnerability in PHP (CVE-2024-4577) to target Windows systems, primarily affecting organizations in Japan since January 2025. The vulnerability allows attackers to execute arbitrary PHP code on servers running Apache with PHP-CGI. They use a Python script, “PHP-CGICVE-2024-4577RCE.py,” to send crafted POST requests and confirm exploitation through a specific MD5 hash. After gaining access, attackers deploy a PowerShell injector script to establish a connection with their command and control (C2) server and utilize Cobalt Strike plugins for post-exploitation activities, including modifying registry keys for persistence and clearing event logs to evade detection. They conduct lateral movement using reconnaissance tools and exploit Group Policy Objects to execute malicious scripts, ultimately extracting credentials with Mimikatz. The attackers have access to a pre-configured installer script on their C2 server, suggesting potential for future attacks.
AppWizard
March 6, 2025
The console gaming market is projected to grow to an impressive billion by 2030, a 52% increase from billion in 2023. Key players in this expansion include Sony, Microsoft, and Nintendo, leveraging advancements like AI and hybrid gaming devices. In contrast, spending on PC gaming software is declining, with console game sales potentially doubling those of PC games by 2030. The mobile gaming sector is expected to reach sales nearing 0 billion by 2030, significantly outpacing both console and PC platforms. Console games currently generate significantly less revenue than mobile games, which produce 2.5 times more earnings. Cloud gaming is gaining traction due to GPU challenges and advancements in technology, while VR and AR gaming remain niche.
Tech Optimizer
February 27, 2025
NSFOCUS CERT has identified a significant SQL injection vulnerability in PostgreSQL, designated as CVE-2025-1094, with a CVSS score of 8.1. This vulnerability is due to the psql tool's handling of invalid UTF-8 characters, allowing unauthenticated attackers to execute arbitrary code through the PostgreSQL interactive terminal. Affected versions include PostgreSQL 17 and 13.19. Users can check if their version is affected by executing a specific SQL query. A new version has been released to address this vulnerability, and users are encouraged to upgrade. Temporary mitigation measures include verifying UTF-8 encoding, avoiding dynamic SQL, and restricting access permissions to the psql tool.