traffic

Tech Optimizer
June 13, 2025
A new strain of Windows malware called "BrowserVenom" is exploiting interest in DeepSeek's AI models by targeting users through deceptive Google ads. These ads lead to a counterfeit website, "https[:]//deepseek-platform[.]com," where users are tricked into downloading a harmful file named “AILauncher1.21.exe.” This malware monitors and manipulates internet traffic, allowing attackers to intercept sensitive data. The operation is believed to involve Russian-speaking threat actors, and the malware has infected users in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The fraudulent domain has been suspended, but the malware can evade many antivirus solutions. Users are advised to verify official domains when downloading software.
Winsage
June 12, 2025
The FAA is requesting a budget allocation of .0 billion for fiscal year 2026, in addition to a previously committed .0 billion, to address critical infrastructure needs. The agency aims to modernize its outdated telecommunications infrastructure, including the air traffic control (ATC) system, which currently relies on antiquated technology such as paper strips, floppy disks, and Windows 95 computers. The FAA has a four-year timeline for overhauling the ATC system, which poses significant challenges and risks to aviation safety. Additionally, there is a need to replace the existing radar system and transition to a modern IP-based network, requiring careful consideration of security measures and operational dynamics.
Winsage
June 12, 2025
Microsoft released updates in June 2025 to address critical issues affecting Windows Server 2025 domain controllers, specifically authentication failures and network connectivity problems. The updates, encapsulated in KB5060842, resolved issues stemming from security update KB5055523, which altered certificate validation methods for Kerberos authentication. This change led to logging errors for self-signed certificates and affected Windows Hello for Business Key Trust deployments. Additionally, a separate issue prevented domain controllers from managing network traffic correctly after restarts, causing them to revert to standard firewall profiles. Microsoft provided a temporary workaround for administrators to manually restart network adapters until a permanent fix was implemented. The June updates addressed a total of 66 vulnerabilities, including 10 rated as Critical, and recommended immediate installation. Microsoft advised against setting the AllowNtAuthPolicyBypass registry key to ‘2’ for domain controllers using self-signed certificates until the latest updates were applied.
Winsage
June 12, 2025
Microsoft released a patch, KB5060842, on June 10, 2025, to address a vulnerability in Windows Server 2025 that affected Active Directory Domain Controllers' ability to manage network traffic after system restarts. This issue stemmed from the improper initialization of domain firewall profiles during startup, leading to service interruptions and authentication failures. The patch corrects the initialization sequence of these profiles, ensuring proper network traffic management post-restart. Organizations using Windows Server 2025 are advised to implement this update to maintain the reliability of their Active Directory services.
Winsage
June 11, 2025
Microsoft addressed a significant issue with Windows Server 2025 domain controllers that made some servers unreachable after a restart, affecting applications and services reliant on them. The problem was due to servers loading the standard firewall profile instead of the intended domain firewall profile after a reboot, leading to improper network traffic management. This misconfiguration caused accessibility challenges for services and applications on affected servers. Microsoft released the KB5060842 security update to resolve this issue during the June 2025 Patch Tuesday. A temporary workaround involves manually restarting the network adapter on affected servers using the Restart-NetAdapter * PowerShell command, which must be done after each reboot until the update is installed. Additionally, Microsoft fixed another issue preventing some users from logging into accounts via Windows Hello after the installation of the KB5055523 April 2025 security update.
Tech Optimizer
June 11, 2025
Malwarebytes Plus is a straightforward antivirus software priced at approximately .99 per year, offering protection for three devices across Mac, Windows, iOS, or Android platforms. It also has a family plan for up to ten devices at .99 per year and a Teams package for businesses protecting 20 devices or more at 9.99 per year. The subscription includes a VPN with no data transfer limits but lacks a password manager. Users can schedule quick scans and access advanced settings for specific vulnerabilities. The application runs efficiently in the background, with quick scans taking around 26 seconds. It features real-time protection against ransomware and exploits, but offers limited privacy options and identity threat protection primarily as an incentive to upgrade. The interface is clean but may be less user-friendly compared to competitors. Malwarebytes Plus provides 24/7 support via email, chat, and phone, including remediation guidance for specific viruses.
Winsage
June 10, 2025
A cyberattack campaign by the advanced persistent threat group Stealth Falcon targeted a prominent Turkish defense company using a zero-day vulnerability identified as CVE-2025-33053. This vulnerability allowed attackers to manipulate the working directory of legitimate Windows tools to execute malware from their WebDAV servers. The attack was initiated through a spear-phishing email containing a malicious .url file that directed the system to a legitimate Internet Explorer utility, which was then exploited to execute malicious files. The attackers employed process hollowing to bypass traditional defenses. Stealth Falcon, also known as FruityArmor, has been conducting cyber espionage since at least 2012, targeting government and defense sectors in Turkey, Qatar, Egypt, and Yemen. The attack involved a multi-stage infection chain leading to the deployment of "Horus Agent," a custom implant designed for advanced reconnaissance and equipped with anti-analysis techniques. Researchers identified additional custom tools used by Stealth Falcon, including a DC Credential Dumper and a custom keylogger. The group utilizes repurposed legitimate domains to blend their infrastructure with legitimate traffic, complicating detection efforts.
Tech Optimizer
June 10, 2025
Instacart serves 14 million daily users and manages billions of products, necessitating advanced search capabilities that go beyond keyword matching to understand user intent. The search system must reflect real-time inventory changes, leading to significant workloads on the database. Instacart transitioned from Elasticsearch and FAISS to a hybrid architecture using Postgres and pgvector, improving search performance and reducing write workloads by tenfold. This normalization allowed for better storage of machine learning features and improved flexibility. Moving compute closer to storage with NVMe resulted in a twofold increase in search performance. Instacart's migration to pgvector eliminated data duplication and operational complexity, enhancing search quality and user satisfaction, evidenced by a 6% decrease in searches with zero results.
Winsage
June 6, 2025
Simplewall is a rule-based firewall controller for Windows that enhances the Windows Filtering Platform (WFP) without replacing it. It allows users to manage network access for applications and services with a user-friendly interface, supporting advanced features like filtering rules by IP, port, or protocol. Users can create tailored profiles for different scenarios and have comprehensive control over network interactions, including blocking telemetry data and automatic updates. Simplewall is lightweight, portable, and operates without background processes or telemetry, ensuring a straightforward user experience. Setting up simplewall involves downloading it, extracting the files, and enabling filters, allowing users to establish a functional firewall profile quickly. While it offers many advantages, such as being open-source and compatible with older Windows versions, it may be overwhelming for beginners and lacks detailed app profiling compared to premium firewalls.