validation

AppWizard
May 14, 2025
The fan-made remake of Valve's 1998 first-person shooter, Half-Life, titled Black Mesa, is currently available on Steam for £1.70 until May 19. The game features a mute scientist navigating chaotic scenarios, including a confrontation with a giant baby in space. The recent "Resonance Decade" update, celebrating the game's 10-year anniversary, includes various technical improvements.
AppWizard
May 14, 2025
Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting user accounts that have not applied necessary fixes. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application’s developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.
Winsage
May 12, 2025
The Windows team at Microsoft has discovered a significant bug affecting the Canary build, which has led to the delay of several Insider builds. This bug impacts essential functionalities such as Bluetooth and Wi-Fi connectivity, USB accessory connections, and the onboard camera for Windows Hello. Brandon LeBlanc from the Windows Insider program described the bug as "really bad" and noted that it arose from a specific code change in newer builds not yet released to Insiders. Microsoft is currently working on a fix and hopes to deliver a new build to the Canary channel by the end of the week. The situation emphasizes the company's focus on quality control to prevent flawed releases from reaching users.
Tech Optimizer
May 12, 2025
Defendnot is a tool that disables Windows Defender by using the Windows Security Center (WSC) API, presenting itself as a legitimate antivirus solution. It was created by a developer named “es3n1n” and follows the removal of a previous tool called “no-defender.” The tool engages directly with WSC, which disables Windows Defender when third-party antivirus software is installed to avoid conflicts. Defendnot was developed through reverse engineering of the WSC service and involves understanding how WSC verifies processes. It registers a phantom antivirus product using COM interfaces and undocumented Windows APIs, leading Windows to disable its built-in protection. The tool requires administrative privileges to operate and adds itself to autorun to maintain its functionality after a reboot. Security experts express concern about its potential misuse by malware authors, while it also provides insights into vulnerabilities in Microsoft’s security architecture.
Tech Optimizer
May 12, 2025
Cybersecurity developers have created a tool called defendnot, which disables Windows Defender by utilizing undocumented Windows Security Center (WSC) APIs. This tool is a successor to the no-defender project, which was taken down due to DMCA challenges. The developer reverse-engineered WSC’s validation algorithms and identified Taskmgr.exe as a suitable process to host the necessary code. Defendnot persists across reboots by adding itself to Windows autorun and can be managed via a command-line interface with options to disable Windows Defender and Windows Firewall. Unlike its predecessor, defendnot does not use third-party antivirus code. Security experts warn that disabling protection mechanisms should only be done in controlled environments by knowledgeable users.
Winsage
May 9, 2025
Microsoft's WinGet is a command-line tool for managing software on Windows, allowing users to install, update, list, and uninstall applications. UniGetUI is an open-source graphical user interface that enhances WinGet's functionality, making it easier for users to manage software without using the command line. UniGetUI supports various package managers and features batch operations, automatic updates, and custom installation options. To install UniGetUI, users can execute the command winget install --exact --id MartiCliment.UniGetUI --source winget or download it from the Microsoft Store. Users can easily navigate its interface to discover, install, and uninstall packages.
Winsage
May 7, 2025
Microsoft has acknowledged that the April 2025 security updates are causing authentication challenges for certain Windows Server domain controllers, specifically affecting Windows Server versions 2016, 2019, 2022, and 2025. The issues arise after installing the April Windows monthly security update (KB5055523 or later), leading to complications in processing Kerberos logons or delegations that rely on certificate-based credentials. Affected authentication protocols include Kerberos PKINIT, S4U via RBKCD, and KCD. These issues are linked to security measures addressing the critical vulnerability CVE-2025-26647, which allows authenticated attackers to escalate privileges remotely. A temporary workaround involves modifying a registry value. Microsoft has previously addressed similar authentication issues in Windows 11, Windows Server 2025, and earlier versions.
Tech Optimizer
May 6, 2025
Validation for Crunchy Postgres on Red Hat OpenShift Virtualization has been officially announced. Crunchy Data has expanded its collaboration with Red Hat to enhance support for Red Hat OpenShift Virtualization, enabling customers to deploy production-ready Postgres infrastructure. The validation allows Red Hat customers to implement Postgres for various applications within Red Hat OpenShift Virtualization-based virtual machines. Key features of Crunchy Postgres include automated deployment, comprehensive backups, disaster recovery capabilities, high availability, connection scaling, performance optimizations, and robust monitoring tools. This announcement continues the collaboration between Crunchy Data and Red Hat, which includes previous certifications and a shared commitment to open source software.
Winsage
May 2, 2025
Microsoft has released version 2504 of Validation OS, a streamlined version of Windows 11 designed for hardware validation, error diagnosis, and quality control in Windows device production. This version includes enhancements in .NET support, driver management, and USB boot capabilities. It operates through a command-line interface (CLI) and supports Win32 applications. Key features of the 2504 release include support for WPF applications via the Microsoft-WinVOS-WPF-Support package, inclusion of Surface Dock drivers, improved USB boot functionality with RAM disk size configuration through DISM, separation of CJK fonts from the general font package, and an upgrade to the latest .NET implementation. Some known issues remain, such as instability with Bluetooth and Serial Console packages on ARM64 systems. The update builds on previous releases that added features like the Out of Box Experience (OOBE) and Hyper-V-compatible VHDX images. Validation OS is not intended for end users but benefits manufacturers and IT professionals in hardware production and validation. The latest build is available for download from Microsoft's official page.