Vigilance

Winsage
May 8, 2025
Several ransomware groups, including RansomEXX and Play, have been exploiting a zero-day vulnerability in the Windows Common Log File System (CLFS) driver to elevate privileges to SYSTEM and deploy their malware. Microsoft patched the flaw in its April 2025 Patch Tuesday release; systems that have not taken that update remain exposed to any attacker who already has code execution as a low-privileged user.
Winsage
May 6, 2025
Microsoft is introducing an AI agent for its Windows operating system to enhance user experience by allowing users to adjust settings using natural language. The rollout is expected within the next month, and the feature will be available through the Microsoft Insider program. This AI-driven assistant aims to simplify navigation through system settings, potentially replacing outdated submenus. Users will need to consider how the AI interprets commands and the level of control they retain over their PCs.
Tech Optimizer
May 6, 2025
A group of YouTubers, led by Tranium, conducted an experiment to download as many computer viruses as possible within an hour to raise cybersecurity awareness. Tranium collected approximately 530 viruses, while Crypto NWO detected 732 across 199,508 files. The experiment highlighted the dangers of downloading free software and the risks associated with 'free' antivirus programs, illustrating the ongoing threats in the digital landscape.
Winsage
May 4, 2025
Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers send PDFs whose embedded links redirect the reader to counterfeit pages, such as a fake DocuSign site. Separately, Trustwave SpiderLabs has identified a campaign built around a fake "SWIFT Copy" payment confirmation: the lure leads to a malicious PDF containing obfuscated JavaScript, which downloads a second-stage script that carries the RemcosRAT payload concealed in an image file by steganography. Because the payload is embedded in image data rather than stored as a plain file or link, it is easy to miss in casual inspection and in signature-based scanning. The chain therefore starts with a phishing email carrying the malicious PDF, moves to a hostile web page, and ends with the delivery of Remcos, a remote access trojan that gives the attacker control of the compromised system. Users are advised to treat emails labelled "SWIFT Copy" with suspicion and to delete such messages rather than open their attachments.
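As an added example (not code from Microsoft, Trustwave or the original reporting), the following PowerShell performs a first-pass triage of a PDF for the features the campaigns above rely on: an auto-run action, JavaScript, outbound link actions, launch actions and embedded files. PDF names may be written with hex escapes (for example /J#61vaScript for /JavaScript), which defeats a naive grep, so every name is decoded before matching. The function name, the risk table and the sample PDF are this example's own constructions.

```powershell
# Added example: PDF risk-indicator triage. Not part of the original page.
function Get-PdfRiskIndicators {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    # PDF syntax is ASCII; Latin-1 (code page 28591) maps every byte to exactly
    # one char, so binary streams pass through without mangling.
    $text = [Text.Encoding]::GetEncoding(28591).GetString($Bytes)

    # Names worth flagging (hypothetical risk table for this example).
    $risky = @{
        'OpenAction'   = 'action runs when the document is opened'
        'AA'           = 'additional actions (page/field triggers)'
        'JavaScript'   = 'JavaScript action'
        'JS'           = 'inline JavaScript code'
        'URI'          = 'outbound link'
        'Launch'       = 'launches an external program'
        'EmbeddedFile' = 'embedded attachment'
    }

    $hits = @{}
    foreach ($m in [regex]::Matches($text, '/([A-Za-z0-9#]+)')) {
        # Decode #XX escapes (PDF name syntax) before comparing, so that
        # /J#61vaScript is recognised as /JavaScript.
        $name = [regex]::Replace($m.Groups[1].Value, '#([0-9A-Fa-f]{2})',
            { param($hex) [char][Convert]::ToInt32($hex.Groups[1].Value, 16) })
        if ($risky.ContainsKey($name)) { $hits[$name] = 1 + [int]$hits[$name] }
    }

    # Pull literal-string URIs so the destinations can be checked or blocked.
    $uris = @([regex]::Matches($text, '/URI\s*\(([^)]*)\)') |
        ForEach-Object { $_.Groups[1].Value })

    # JavaScript combined with an auto-run trigger is the shape of the
    # SWIFT-copy lure; any single indicator still warrants a sandbox run.
    $hasJs      = $hits.ContainsKey('JS') -or $hits.ContainsKey('JavaScript')
    $hasAutoRun = $hits.ContainsKey('OpenAction') -or $hits.ContainsKey('AA')
    $verdict = if ($hasJs -and $hasAutoRun) { 'BLOCK' }
               elseif ($hits.Count -gt 0)   { 'REVIEW' }
               else                         { 'CLEAN' }

    [pscustomobject]@{
        Indicators = @($hits.Keys | Sort-Object |
                       ForEach-Object { "$_ ($($risky[$_])) x$($hits[$_])" })
        Uris       = $uris
        Verdict    = $verdict
    }
}

# Constructed sample: a catalog with an auto-run, hex-escaped JavaScript
# action plus a link annotation, mimicking the lure's structure. No payload.
$samplePdf = [Text.Encoding]::ASCII.GetBytes(@'
%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /J#61vaScript /JS (app.launchURL\("http://example.invalid/swift-copy"\)) >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/docusign) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
'@)

Get-PdfRiskIndicators -Bytes $samplePdf | Format-List

# Real-world use: Get-PdfRiskIndicators -Bytes ([IO.File]::ReadAllBytes('C:\quarantine\swift-copy.pdf'))
```

This is a triage aid, not a verdict engine: it reads the raw file and will miss names hidden inside compressed object streams, so a file that comes back CLEAN still deserves a sandbox detonation when it arrived with a "SWIFT Copy" or DocuSign-themed lure. Its value is the opposite direction: a PDF that an email gateway lets through with both an OpenAction and JavaScript is almost never a legitimate invoice.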
Winsage
April 25, 2025
In early April 2025, Microsoft addressed CVE-2025-21204, a link-following vulnerability in the Windows servicing (update) stack. As part of the mitigation, the April updates create the folder C:\inetpub, normally associated with Internet Information Services (IIS), with restrictive permissions, even on systems that do not run IIS. The mitigation has a side effect: on a default-configured system a standard (non-administrative) user is allowed to create folders, and therefore directory junctions, in the root of C:, so if C:\inetpub does not yet exist the user can plant a junction of that name pointing at an arbitrary file. A command such as "mklink /j c:\inetpub c:\windows\system32\notepad.exe" is enough; once the junction is in place, the April update and later cumulative updates fail to install and roll back, so the machine stops receiving security patches (a local denial of service against the update mechanism). As of April 25, Microsoft had neither released a fix nor acknowledged the issue. Until it does, administrators should check that C:\inetpub is a real directory rather than a reparse point, remove any junction found there, and review who is permitted to create folders in the root of the system drive.
Winsage
April 24, 2025
Microsoft's recent patch for CVE-2025-21204 creates the folder C:\inetpub as part of its mitigation, which has raised concerns among system administrators. Security researcher Kevin Beaumont found that the folder itself becomes an attack surface: using the mklink command with the /j parameter, he replaced C:\inetpub with a directory junction pointing at a system executable (notepad.exe). Because creating a junction in the root of C: requires no administrative rights on a default-configured system, a standard user can use this to block Windows updates. Beaumont reported the issue to Microsoft, which had not responded at the time of writing.
AppWizard
April 24, 2025
The TON Foundation will announce Maximilian Crown as its new CEO on Thursday. This appointment aims to stabilize Telegram, which has a user base of one billion, following the arrest of its founder Pavel Durov in Paris last year. Crown's leadership is seen as a significant step for Telegram, demonstrating its commitment to expanding its multi-functional app amid governmental pressures to access user data. Crown has experience as CFO and COO of MoonPay and has successfully secured operational approvals across various countries. Telegram has transformed into a “Super App,” integrating features such as gaming, shopping, and payment functionalities. The Telegram Open Network (TON) has 41 million active accounts and 121 million Toncoin holders. Toncoin's value is tied to Telegram's fortunes, experiencing fluctuations following Durov's arrest. Concerns have been raised regarding the impact of French authorities' actions on Telegram’s blockchain initiatives, especially related to digital privacy and government oversight. Durov was detained for 96 hours and criticized the scrutiny faced by Telegram, warning against legislative efforts that threaten individual freedoms.
Winsage
April 24, 2025
The inetpub folder, created by the April 2025 update for Windows 11 (version 24H2) as part of the fix for CVE-2025-21204, has raised concerns among security researchers. Without administrative rights, a user can replace it with a directory junction (mklink /j) that points at a file such as notepad.exe; subsequent updates then fail to install and roll back, leaving the system unpatched. Microsoft has not yet responded, and whether a patch for this new issue will be released remains open.
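As an added example covering the three inetpub entries above (not code from Beaumont, Microsoft or the original reporting), the following PowerShell checks whether C:\inetpub is a genuine directory or a planted junction, shows why a standard user can plant one in the first place (the default ACL on the root of C:), and optionally removes the junction. The path, parameter names and messages are this example's own assumptions; it expects Windows PowerShell 5.1 or PowerShell 7, elevated when -Fix is used.

```powershell
# Added example: audit C:\inetpub for the junction abuse. Not from the original page.
param(
    [string]$Path = 'C:\inetpub',   # folder the April 2025 update is expected to create (assumption)
    [switch]$Fix                    # remove a bad junction instead of only reporting it
)

# 1. Why a standard user can do this at all: by default, Authenticated Users
#    hold "Create folders / append data" on the root of C:, and a junction is
#    just a directory entry with a reparse point attached.
$rootAces = (Get-Acl -LiteralPath 'C:\').Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference -like '*Authenticated Users*' -and
    $_.FileSystemRights.ToString() -match 'AppendData|CreateDirectories'
}
if ($rootAces) {
    Write-Output "NOTE: Authenticated Users can create folders/junctions directly in C:\ (default ACL)."
}

# 2. Inspect the folder itself. -Force is needed so hidden/system entries are returned.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Output "MISSING: $Path does not exist (update not applied, or folder removed); a junction could be planted here."
    return
}

$isReparse = ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0
if (-not $isReparse) {
    $owner = (Get-Acl -LiteralPath $Path).Owner
    Write-Output "OK: $Path is a real directory owned by $owner."
    return
}

# Windows PowerShell 5.1 exposes Target as an array, PowerShell 7 as a string;
# some builds prefix the target with \\?\ which Test-Path does not accept.
$target = (@($item.Target)[0] -as [string]) -replace '^\\\\\?\\', ''
Write-Output "ALERT: $Path is a $($item.LinkType) pointing at '$target'."

# The reported abuse points the junction at a file (notepad.exe). Neither IIS
# nor the servicing stack ever creates a junction whose target is a file.
if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
    Write-Output "  Target is a file, not a directory: matches the mklink /j abuse pattern."
}

if ($Fix) {
    # Directory.Delete on a junction removes only the reparse point, never the
    # target. Remove-Item -Recurse is deliberately avoided: on older PowerShell
    # versions it can follow the junction and delete the target's contents.
    [IO.Directory]::Delete($Path)
    Write-Output "  Junction removed. Re-run Windows Update so the servicing stack recreates $Path."
}
```

Run it both on machines that have already taken the April update (to confirm the folder is still a real directory) and on machines that have not (where the MISSING result marks a window in which a junction can be planted). On a fleet, the same check can be pushed through the usual configuration-management channel and the ALERT lines collected centrally; an alert on a machine whose update history shows a recent rollback is the signature of this abuse.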