user interaction Archives

AppWizard

April 29, 2025

Gemini preps a ‘Saved info’ rebrand as work on chat history search continues (APK teardown)

- The Gemini name is being phased out from headers, indicating a potential rebranding effort. - The "Saved info" feature may be renamed to "Memory" to enhance its functionality in remembering user preferences. - Improvements are being made for accessing and viewing chat history to enhance user interaction and navigation. - The latest beta version, 16.16.39.sa.arm64, reveals upcoming features, although they are not yet visible to the public. - The removal of the Gemini label from model headers is a prominent change, accompanied by a new blue background effect and a reorganization of model names and descriptions. - A search tool for chat history is being introduced, with various layouts being tested, including one that prioritizes Gems at the top. - Enhancements to the compose box are planned, potentially offering suggestions for research topics and Canvas projects.

Winsage

April 23, 2025

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

A newly identified vulnerability in the Windows Update Stack, designated as CVE-2025-21204, allows attackers to execute arbitrary code and escalate privileges to SYSTEM level on affected machines. This critical security flaw arises from improper privilege separation and inadequate validation during the update orchestration process. Attackers can exploit it by creating harmful update packages or acting as man-in-the-middle on compromised networks. The vulnerability impacts any Windows system utilizing the vulnerable update mechanism, affecting both enterprise and consumer editions. Microsoft is working on a patch, and users are advised to monitor official channels for updates and apply patches promptly. Organizations should also restrict network access to update servers and monitor for suspicious update activities. The CVSS score for this vulnerability is 7.8 (High), indicating significant risk.

AppWizard

April 22, 2025

Weather app is getting a much needed revamp with One UI 8, leak suggests

Samsung is set to introduce One UI 8, featuring a new weather app with 3D avatars that respond to weather forecasts and include accessories like jackets and umbrellas. The app will have improved animations and backgrounds while maintaining a familiar structure. One UI 7 has begun rolling out in regions such as Korea, the U.S., and the U.K., but users in India and Germany are still waiting for the update. It is unclear why the new weather app will not be included in One UI 7.

Winsage

April 22, 2025

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

A security vulnerability identified as CVE-2025-21204 has been discovered in the Windows Update Stack, allowing local attackers to execute unauthorized code and escalate privileges to SYSTEM-level access. This vulnerability, with a CVSS score of 7.8 (High), affects Windows 10 versions 1507, 1607, and 1809, among likely other supported Windows 10/11 and Windows Server versions. The flaw arises from a design issue where Windows Update processes do not properly follow directory junctions, enabling attackers with limited user privileges to redirect trusted paths to locations containing malicious code. Microsoft has introduced a mitigation strategy in its April 2025 cumulative update, which includes creating a new folder at the root of system drives and implementing detection rules for suspicious junction creations. Organizations are advised to apply the April 2025 security updates, restrict ACLs on specific directories, prevent symbolic link creation, and monitor file creation activities in certain directories.

Winsage

April 19, 2025

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows, identified as CVE-2025-24054, is being exploited in phishing campaigns targeting government and private organizations. Initially considered low-risk, it was addressed in Microsoft's March 2025 Patch Tuesday updates. Following the release of these patches, Check Point observed a rise in exploitation attempts, particularly linked to the Russian group APT28. Attackers sent phishing emails with Dropbox links containing .library-ms files, which, when accessed, connected to an external SMB server controlled by the attackers, allowing interception of NTLM hashes. A subsequent wave of attacks involved .library-ms files sent as direct attachments, requiring minimal user interaction to exploit the vulnerability. The malicious ZIP archive also contained files exploiting older NTLM vulnerabilities. Check Point identified the attackers' SMB servers with specific IP addresses. Despite being classified as medium-severity, the vulnerability's potential impact is significant, prompting organizations to apply the March 2025 updates and consider disabling NTLM authentication if not essential.

AppWizard

April 18, 2025

Perplexity’s Android App Is Infested With Security Flaws, Report Finds

Perplexity has launched a promotional campaign called “Ask like a millionaire,” offering a million-dollar prize to users who download its app, refer friends, and engage with it during the Super Bowl. However, the Android app is facing scrutiny due to significant security vulnerabilities, including issues that could lead to data theft and account takeovers. A report from Appknox reveals that the app's API can be accessed without restriction, and the code contains hardcoded secrets, making it easy for attackers to create counterfeit versions of the app. The app is also vulnerable to task hijacking, which could allow unauthorized access to sensitive data. Perplexity, founded in 2022, has raised 0 million in venture capital and has over 10 million downloads. The company is exploring partnerships with smartphone manufacturers and has faced criticism for alleged copyright infringement. Security experts advise users to consider removing the app until the issues are resolved.

Winsage

April 17, 2025

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A vulnerability in Windows, identified as CVE-2025-24054, is being actively exploited in phishing campaigns targeting government and private sectors. Initially addressed in Microsoft's March 2025 Patch Tuesday, it was not considered actively exploited at that time. Researchers from Check Point reported increased exploitation activities shortly after the patches were released, particularly between March 20 and 25, 2025. Some attacks were linked to the Russian state-sponsored group APT28, but definitive attribution is lacking. The vulnerability allows attackers to capture NTLM hashes through phishing emails containing manipulated .library-ms files that trigger the flaw when interacted with. Check Point noted that subsequent attacks involved .library-ms files sent directly, requiring minimal user interaction to exploit. The malicious files also included additional components that exploit older vulnerabilities related to NTLM hash leaks. The attacker-controlled SMB servers were traced to specific IP addresses. Although rated as medium severity, the potential for authentication bypass and privilege escalation makes it a significant concern, prompting recommendations for organizations to install updates and disable NTLM authentication if not necessary.

Winsage

April 17, 2025

Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, which involves NTLM hash disclosure through spoofing techniques. This flaw allows attackers to leak NTLM hashes, leading to privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate SMB authentication requests that expose NTLMv2-SSP hashes. Exploitation of this vulnerability began shortly after a security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns utilized spear-phishing emails containing malicious ZIP archives, which, when interacted with, leaked NTLM hashes. The malicious files included various types designed to initiate SMB connections to attacker-controlled servers, allowing for pass-the-hash attacks and privilege escalation. The stolen hashes were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.

Tech Optimizer

April 16, 2025

Hackers find a way around built-in Windows protections

Windows Defender Application Control (WDAC) is a built-in security feature on Windows PCs that restricts the execution of unauthorized software by allowing only trusted applications. However, hackers have discovered multiple methods to bypass WDAC, exposing systems to malware and cyber threats. Techniques for bypassing WDAC include using Living-off-the-Land Binaries (LOLBins), DLL sideloading, and exploiting misconfigurations in WDAC policies. Attackers can execute unauthorized code without triggering alerts from traditional security solutions, enabling them to install ransomware or create backdoors. Microsoft operates a bug bounty program to address vulnerabilities in WDAC, but some bypass techniques remain unpatched for long periods. Users can mitigate risks by keeping Windows updated, being cautious with software downloads, and using strong antivirus software.

AppWizard

April 15, 2025

Google rolls out an auto-reboot feature for Android phones to safeguard data

Google has released an update to its April Play Services and Store changelog, introducing an automatic reboot function for Android phones that have been locked for three consecutive days to enhance data encryption. The initial batch of April updates included battery life improvements and a security patch for Pixel devices. The update also features optimizations for device connectivity and a minor enhancement to the "Ask a question" feature in the Play Store. Additionally, the April update includes the 2025 security update for Pixel devices, addressing camera issues and screen dimming problems reported by users of the Pixel 6 and 7 series. The Pixel 9 Pro XL has been introduced, featuring a 6.8-inch display and a commitment to seven years of updates.