US government

Winsage
February 4, 2025
Windows 10 will reach its end-of-support date on October 14, 2025, nearly a decade after its launch in July 2015. PCs running Windows 10 will continue to function but will no longer receive security updates unless users opt for an Extended Security Updates (ESU) subscription. Without an ESU subscription, vulnerabilities discovered after October 2025 will remain unaddressed. Approximately 60% of PCs worldwide are still using Windows 10, and if the current upgrade pace continues, about 38% of PCs will still be running Windows 10 by the end of 2025, equating to over 500 million devices. Users with older hardware, corporate environments, and Windows 10 loyalists may face challenges in transitioning to Windows 11. Microsoft has provided options for extended support, particularly for enterprise customers, but general consumers may be less inclined to pay for updates.
Winsage
December 17, 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: (1) a Microsoft Windows Kernel-Mode Driver untrusted pointer dereference vulnerability (CVE-2024-35250), severity score 7.8; and (2) an Adobe ColdFusion improper access control vulnerability (CVE-2024-20767), severity score 7.4, affecting ColdFusion versions 2023.6, 2021.12, and earlier. CISA has set a deadline of January 6, 2025, for federal agencies to address these vulnerabilities.
Winsage
November 3, 2024
The FBI has warned users about vulnerabilities in popular webmail accounts, highlighting risks to passwords and multifactor authentication (MFA) due to emerging cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has advised Windows users to reconsider SMS-based MFA. CISA's guidance targets Chief Information Security Officers (CISOs) and enterprise users, emphasizing a sophisticated spear-phishing campaign affecting various sectors, including government and IT. Spear phishing, although less than 0.1% of phishing emails, accounts for 66% of successful breaches, with average costs of USD 4.76 million and potential losses up to USD 100 million. CISA notes that foreign threat actors often impersonate trusted entities and use malicious remote desktop protocol (RDP) files to gain unauthorized access. CISA has recommended ten security measures for organizations, including restricting outbound RDP connections, blocking RDP files, enabling MFA, and adopting phishing-resistant authentication methods. CISA advises against SMS-based MFA due to its vulnerability to SIM-jacking attacks. Kaspersky has raised concerns about SIM swap fraud, particularly in areas with high smartphone usage. Organizations are encouraged to use stronger MFA alternatives, such as software authenticators or passkeys.
AppWizard
October 14, 2024
Google has asked a federal judge in California to temporarily suspend an injunction, set to take effect on November 1, 2024, that requires the company to enhance competition in its Play app store. This injunction stems from a ruling by US District Judge James Donato, who determined that Google held an illegal monopoly over app downloads and in-app payments on Android devices, following a legal challenge by Epic Games. The injunction requires Google to permit the installation of competing third-party Android app platforms, prohibits restrictions on alternative in-app payment methods, and prevents financial incentives for exclusive preinstallation of its app store. If the request is denied, Google plans to appeal to the 9th US Circuit Court of Appeals.
BetaBeacon
October 11, 2024
Google has faced antitrust losses, with the latest ruling requiring it to change how it distributes apps on Android. Developers will soon be able to sell app content in new ways, and Microsoft is eager to take advantage of this. Xbox gamers will soon be able to purchase games directly in the Xbox app on Android.
AppWizard
October 7, 2024
Kaspersky's official Android app was removed from the Google Play Store, and its developer accounts were disabled, following sanctions imposed by the US government. Kaspersky is investigating the unavailability of its software and has provided alternative download options through other app stores and its official website. The US government has raised concerns about Kaspersky's software potentially being exploited by the Russian government, leading to a ban on the sale of its products effective July 20, 2024. Kaspersky was placed on the US Entity List, and updates to its software were halted as of September 29. The company is offering free security products and safety tips for six months to mitigate customer impact. In September 2024, US customers reported that their antivirus software was replaced with a new solution named UltraAV.
Tech Optimizer
September 25, 2024
Kaspersky customers in the United States are experiencing an automatic transition to UltraAV antivirus software, developed by Pango Group, following a ban on Kaspersky products by the Biden administration due to security risks. Many users were surprised and frustrated by the abrupt switch, discovering unfamiliar software installed on their devices without prior notice. Complaints have surfaced on social media and Kaspersky's support forum regarding the lack of information about UltraAV and concerns over the transition process. The Department of Commerce's Bureau of Industry and Security identified Kaspersky's products as potential security risks, leading to the ban. Kaspersky announced that updates to its software would cease by September 29, and although Pango stated that notifications were sent to customers, many reported not receiving them. Customers had the option to opt out of the transition by contacting customer service, but many feel the process could have been handled more effectively.
Winsage
August 20, 2024
The Lazarus hacking group from North Korea exploited a zero-day vulnerability in the Windows AFD.sys driver, allowing them to elevate privileges and install the FUDModule rootkit on targeted systems. This vulnerability, designated as CVE-2024-38193, was addressed by Microsoft during its August 2024 Patch Tuesday. The AFD.sys driver is a critical component of the Windows Kernel for the Winsock protocol and is installed by default on all Windows devices. The vulnerability falls under the Bring Your Own Vulnerable Driver (BYOVD) category, enabling attackers to gain unauthorized access to sensitive system areas. The Lazarus group has a history of targeting financial and cryptocurrency firms, including a cyberattack on Axie Infinity in April 2022 that resulted in the theft of over million in cryptocurrency. The US government has offered a reward of up to million for information leading to the identification or location of these hackers.
AppWizard
August 9, 2024
The Moonly astrology application, with around 6 million users, experienced a data breach that exposed sensitive user information, including addresses, email addresses, birth dates, GPS locations, and employee credentials. A publicly accessible database linked to Cosmic Vibrations Inc. was discovered, containing data from a backup dated April 19, 2024. The breach raised security concerns, particularly due to the leaked GPS locations and the potential for hacking attempts given the exposure of birth dates and email addresses. While employee passwords were hashed, some were cracked, increasing the risk of unauthorized access to the database. Additionally, evidence suggests that Moonly's management may be based in Russia, with employee logins traced to the Russian Federation, Belarus, and Indonesia, raising concerns about the company's operations and potential circumvention of US sanctions. Moonly has not publicly addressed these issues.