traffic

Tech Optimizer
June 21, 2025
The Amazon Aurora PostgreSQL-Compatible Edition supports managed blue/green deployments to minimize downtime and risks during updates. This deployment strategy involves creating a staging environment (green) that mirrors the production database (blue) through logical replication. The blue environment represents the current production database, while the green environment incorporates updates without changing the application endpoint. After validating changes, the green environment can be promoted to production. In case of issues post-upgrade, a rollback plan is essential, as the managed blue/green deployment feature does not provide built-in rollback functionality. A manual rollback cluster can be established using self-managed logical replication to maintain synchronization with the new version after a switchover. Before the switchover, two clusters exist: the blue cluster (production) and the green cluster (staging). After the switchover, three clusters are present: the old blue cluster (original production), the new blue cluster (updated production), and the blue prime (rollback) cluster (a clone of the old blue cluster). To implement the solution, prerequisites include a cluster parameter group for the new version database with logical replication enabled and familiarity with the Aurora cloning feature. The process involves creating a blue/green deployment, stopping traffic on the blue cluster, performing the switchover, deleting the blue/green deployment, cloning the old blue cluster to create the blue prime cluster, and establishing logical replication from the new blue cluster to the blue prime cluster. Limitations of the managed blue/green deployment include the inability to replicate certain DDL operations and the need to handle endpoint changes manually if a rollback is required. Setting up the rollback cluster incurs additional downtime. 
To roll back to the blue prime cluster, application traffic must be stopped, the application or DNS records updated, the subscription on the blue prime cluster dropped, and sequence values manually updated if necessary. This process is not automatic and requires careful planning and testing. In production, it is advisable to retain the new blue prime cluster until all applications have transitioned successfully, and the old blue cluster can be backed up for compliance before deletion. For testing purposes, all clusters should be deleted to avoid additional charges.
Winsage
June 20, 2025
Uniphore is an AI innovation company that faced challenges with its legacy Windows Server infrastructure, which was costly and raised security concerns due to its end-of-support status. To modernize, Uniphore utilized Amazon Web Services (AWS) for containerization and cloud-native solutions, achieving a 30% reduction in costs and improved operational capabilities. The migration involved transitioning from 50 bare-metal Windows Server 2008 R2 instances to a Linux environment on AWS, optimizing call-center analytics workloads and enabling better training of large language models. The modernization strategy included three key areas: application modernization through refactoring and containerization, a custom data migration solution using Type 2 hypervisor technology, and a cloud infrastructure setup with Amazon EC2, Amazon EKS, Amazon EFS, and Amazon S3. The migration was executed in three phases: deploying the hypervisor and DataSync agent, secure data migration and validation, and production cutover with application deployment. Best practices adopted during the process included Infrastructure as Code (IaC) with Terraform, CI/CD pipelines using GitLab, comprehensive monitoring with DATADOG and CloudWatch, and enforcement of AWS Backup policies. The modernization resulted in benefits such as improved scalability and performance, flexibility and portability of applications, enhanced security and compliance, efficient data management, reduced operational overhead, and significant cost savings.
AppWizard
June 19, 2025
Alternative distribution in the PC gaming industry is growing, with developers increasingly selling Steam keys through third-party platforms like Fanatical and Humble. Valve's Steam platform is projected to generate .8 billion in revenue in 2024, while the Epic Games Store reported .09 billion last year. Developers can request up to 5,000 standard release keys from Valve for sale on other platforms, adhering to pricing guidelines. Marketplaces like G2A mix approved keys and resold keys, while e-stores ensure all keys are legitimate. The grey market refers to the resale of keys that undermines publishers' profits, often due to regional pricing discrepancies. Developers can manage the grey market by monitoring key sales and implementing strategies like region-locking and pricing adjustments.
Tech Optimizer
June 17, 2025
Threat actors are using a fileless variant of AsyncRAT, targeting German-speaking individuals with a deceptive verification prompt. This prompt misleads users into executing harmful commands. The malware employs obfuscated PowerShell scripts to operate in memory without creating files on disk, complicating detection by antivirus solutions. The attack begins with a fake verification page prompting users to click "I’m not a robot," which copies a malicious command to the clipboard. This command uses conhost.exe to run a hidden PowerShell instance that retrieves a payload from a remote server. The malware establishes a connection to a command-and-control server and maintains persistence through registry keys, enabling remote control and data exfiltration. Key tactics include stealth execution, in-memory C# compilation, and TCP-based communication over non-standard ports. The campaign has been active since at least April 2025. Indicators of Compromise (IOCs) include:
- IP: 109.250.111[.]155 (Clickfix Delivery)
- FQDN: namoet[.]de (Clickfix / C2 Server)
- Port: 4444 (TCP Reverse Shell Listener)
- URL: hxxp[:]//namoet[.]de:80/x (PowerShell Payload)
- Registry (HKCU): SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\windows (Persistence on Boot)
- Registry (HKCU): SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\win (Holds Obfuscated Command)
Tech Optimizer
June 13, 2025
A new strain of Windows malware called "BrowserVenom" is exploiting interest in DeepSeek's AI models by targeting users through deceptive Google ads. These ads lead to a counterfeit website, "https[:]//deepseek-platform[.]com," where users are tricked into downloading a harmful file named “AILauncher1.21.exe.” This malware monitors and manipulates internet traffic, allowing attackers to intercept sensitive data. The operation is believed to involve Russian-speaking threat actors, and the malware has infected users in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The fraudulent domain has been suspended, but the malware can evade many antivirus solutions. Users are advised to verify official domains when downloading software.
Winsage
June 12, 2025
The FAA is requesting a budget allocation of .0 billion for fiscal year 2026, in addition to a previously committed .0 billion, to address critical infrastructure needs. The agency aims to modernize its outdated telecommunications infrastructure, including the air traffic control (ATC) system, which currently relies on antiquated technology such as paper strips, floppy disks, and Windows 95 computers. The FAA has a four-year timeline for overhauling the ATC system, which poses significant challenges and risks to aviation safety. Additionally, there is a need to replace the existing radar system and transition to a modern IP-based network, requiring careful consideration of security measures and operational dynamics.
Winsage
June 12, 2025
Microsoft released updates in June 2025 to address critical issues affecting Windows Server 2025 domain controllers, specifically authentication failures and network connectivity problems. The updates, encapsulated in KB5060842, resolved issues stemming from security update KB5055523, which altered certificate validation methods for Kerberos authentication. This change led to logging errors for self-signed certificates and affected Windows Hello for Business Key Trust deployments. Additionally, a separate issue prevented domain controllers from managing network traffic correctly after restarts, causing them to revert to standard firewall profiles. Microsoft provided a temporary workaround for administrators to manually restart network adapters until a permanent fix was implemented. The June updates addressed a total of 66 vulnerabilities, including 10 rated as Critical, and recommended immediate installation. Microsoft advised against setting the AllowNtAuthPolicyBypass registry key to ‘2’ for domain controllers using self-signed certificates until the latest updates were applied.
Winsage
June 12, 2025
Microsoft released a patch, KB5060842, on June 10, 2025, to address a vulnerability in Windows Server 2025 that affected Active Directory Domain Controllers' ability to manage network traffic after system restarts. This issue stemmed from the improper initialization of domain firewall profiles during startup, leading to service interruptions and authentication failures. The patch corrects the initialization sequence of these profiles, ensuring proper network traffic management post-restart. Organizations using Windows Server 2025 are advised to implement this update to maintain the reliability of their Active Directory services.
Winsage
June 11, 2025
Microsoft addressed a significant issue with Windows Server 2025 domain controllers that made some servers unreachable after a restart, affecting applications and services reliant on them. The problem was due to servers loading the standard firewall profile instead of the intended domain firewall profile after a reboot, leading to improper network traffic management. This misconfiguration caused accessibility challenges for services and applications on affected servers. Microsoft released the KB5060842 security update to resolve this issue during the June 2025 Patch Tuesday. A temporary workaround involves manually restarting the network adapter on affected servers using the Restart-NetAdapter * PowerShell command, which must be done after each reboot until the update is installed. Additionally, Microsoft fixed another issue preventing some users from logging into accounts via Windows Hello after the installation of the KB5055523 April 2025 security update.