verification Archives

Winsage

May 22, 2026

Microsoft Dismantles Fox Tempest: Ransomware Groups Paid Up to $9,500 to Fake Windows Software Signatures

Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.

AppWizard

May 22, 2026

There is a huge bug for the Audible App for Android

The Audible app for Android, version 26.19.13, has a significant bug affecting cloud syncing and license verification, causing it to fail to recognize downloaded audiobooks. Users are experiencing repeated downloads over mobile networks despite setting preferences to Wi-Fi only, leading to excessive storage consumption of over 26GB on some devices. This issue is particularly problematic for users with limited data plans, as it depletes their data allowances quickly.

AppWizard

May 21, 2026

Binance’s Android app privacy fight is back in the spotlight

Binance is facing scrutiny regarding the data collection practices of its Android app, which some users believe functions more as a data collection tool than a trading platform. Concerns have been raised about the app's extensive permissions and tracking capabilities, with a report indicating the presence of numerous tracking components, including SDKs from TikTok and WeChat, and over 50 system permissions. Binance's privacy portal states that data is collected for account management, security, marketing, fraud prevention, and legal compliance. Despite this, there are questions about whether the data collection practices are proportionate to the app's intended functions. Binance has a history of legal issues, including a guilty plea in November 2023 that resulted in a .32 billion penalty for anti-money laundering violations. The exchange claims to tailor its privacy framework to regional regulations, but user concerns about the app's tracking capabilities persist. As of early 2026, Binance has over 300 million registered users, making any privacy-related disputes potentially impactful. The ongoing scrutiny may lead to gradual adjustments in Binance's practices rather than a complete overhaul.

Winsage

May 20, 2026

MSHTA abuse helps malware hide in Windows processes

Bitdefender's research highlights the use of Microsoft's MSHTA utility in malware attacks, noting its default activation in Windows systems. Cybercriminals exploit MSHTA to execute malicious scripts under the guise of legitimate processes, linking it to various malware families like LummaStealer and PurpleFox. The study reports a rise in MSHTA-related detections, indicating a shift towards "living-off-the-land" tactics that utilize legitimate tools to evade security alerts. Social engineering is identified as a common entry point for attacks, employing deceptive methods such as fake software downloads and phishing links. MSHTA can retrieve and execute additional payloads through multi-stage chains, complicating detection efforts. The attacks target sensitive information, including credentials and financial data, and the continued presence of MSHTA poses risks as it allows threat actors to conceal malicious actions. To mitigate these threats, organizations are advised to restrict or disable legacy scripting tools and exercise caution with untrusted downloads. The report emphasizes the challenge of detecting unusual behaviors associated with legitimate utilities in the context of cyber threats.

AppWizard

May 20, 2026

Join Minecraft at TwitchCon

Attendees at the weekend event can earn a Crafter Cape by collecting three Emerald Stickers, which are obtained by participating in designated Minecraft sessions and activities. Each attendee is allowed only one cape, but there is no limit on the total number of capes distributed. To collect Emerald Stickers, attendees must engage in sessions labeled with “Minecraft Emerald” or participate in activities at the Minecraft Arena. Stickers can be placed in the Inventory Ribbon, which has three slots and can be collected at the Swag Bag kiosk. After collecting the stickers, attendees can redeem their cape at the Cape Trader in the Minecraft Village within the Arena. A wristband scan and verification of the completed ribbon are required to receive a Cape Card with a unique in-game code. For those unable to attend, an alternate Builder Cape will be available online during Minecraft LIVE on May 30.

Winsage

May 19, 2026

Microsoft plans to improve Windows 11 driver quality in 2026

Microsoft is launching the Driver Quality Initiative (DQI) to improve the quality of Windows 11 drivers, which are crucial for the operating system's performance. The initiative includes four pillars: encouraging the use of safer user-mode drivers, implementing rigorous partner verification processes, enhancing the Windows Update catalog, and focusing on stability and performance. Microsoft plans to collaborate with partners like AMD and Intel to achieve these goals. AMD's Director of Software Engineering emphasized that driver quality is a shared commitment. Additionally, Microsoft aims to enhance Windows 11 by reintroducing features like a movable taskbar and improving performance for lower memory devices, with gradual improvements expected in the coming months.

Winsage

May 19, 2026

Microsoft aims to bring the Windows driver ecosystem back into step

Microsoft has launched its Driver Quality Initiative (DQI) at the Windows Hardware Engineering Conference (WinHEC) 2026, aimed at improving the quality, reliability, and security of drivers in the Windows ecosystem. The DQI is built on four pillars: expanding quality measures for driver development, improving driver lifecycle management, enhancing Windows driver architecture, and fostering ecosystem collaboration among partners. The initiative includes a focus on strengthening kernel mode drivers for better security and reliability. Pavan Davuluri, President of Windows and Devices, has highlighted a commitment to addressing customer pain points and improving system performance and user experience. The DQI is part of a long-term strategy to enhance the Windows experience.

Tech Optimizer

May 19, 2026

Avast Free Antivirus for US users: core features explained

Avast Free Antivirus is a free security application that provides essential malware protection and additional tools for Windows, macOS, Android, and iOS. It blocks malware and suspicious websites using real-time scanning and integrates with the operating system's security center on Windows. Key features include file shield scanning, web and mail shields, and ransomware-related shields on select platforms. It is available for free download in the US and is popular among home users, families, students, and individual professionals. Avast competes with other antivirus vendors like McAfee and Bitdefender and is often reviewed positively by tech outlets. While it offers core protections, advanced features require paid subscriptions. Users can conduct various types of scans and utilize browser extensions to assess site safety. The software is designed to coexist with Windows built-in security features, but experts advise using additional security measures for online banking and shopping.

AppWizard

May 18, 2026

Beware of Activating Them: 5 Android App Permissions That Pose a Threat to Your Data

Android applications often request various permissions upon installation, including access to the camera, microphone, contacts, messages, and accessibility features. Users frequently accept these requests without hesitation, which can compromise their device's privacy and security. Certain permissions, if granted to malicious apps, can enable monitoring of user activity, audio recording, location tracking, or unauthorized app installations. Five Android app permissions that require careful consideration before granting include: 1. Accessibility Services: Can allow untrusted apps to monitor screen content, read messages, track keystrokes, and perform actions on behalf of the user. 2. Display Over Other Apps: Allows apps to overlay content on other apps, which can be exploited by malicious apps to create deceptive interfaces. 3. Install Unknown Apps: Permits apps to install software from outside the Google Play Store, increasing the risk of malware. 4. Usage Data Access: Enables apps to monitor usage patterns, which can be used for targeted advertising or sold to data brokers. 5. Access to Contacts and Messages (SMS): Sensitive information can be intercepted by malicious apps, posing risks to account security. It is crucial to grant permissions that align with an app's intended function and to be cautious of unnecessary access.

Winsage

May 18, 2026

Old Windows Flaw Returns to Spotlight With MiniPlasma Exploit

Security researcher Chaotic Eclipse has introduced a Windows exploit called MiniPlasma, which may allow privilege escalation from standard user accounts to SYSTEM level access, even on patched versions of Windows. This exploit is linked to CVE-2020-17103, a flaw in the Windows Cloud Filter driver that was addressed by Microsoft in December 2020. Tests have reportedly demonstrated the exploit functioning on a patched Windows 11 Pro system, achieving SYSTEM access from a standard user account. The exploit involves an undocumented registry-key path within the .DEFAULT user hive, raising concerns about the effectiveness of the 2020 fix. There is a discrepancy between public and Canary builds of Windows 11, with the exploit working on the public build but not on the Canary build. Microsoft’s April 2026 Patch Tuesday updates included another entry related to the Windows Cloud Files Mini Filter Driver elevation-of-privilege issue. Defenders are advised to monitor the CVE-2020-17103 record for further clarification regarding the status of the original fix and the implications of the MiniPlasma exploit.