virtual private networks Archives

Tech Optimizer

June 5, 2025

CISA releases TTPs & IoCs for Play Ransomware That Hacked 900+ Orgs

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include: - SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E - Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A - PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7 - HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549 - Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Tech Optimizer

May 19, 2025

This new Defendnot trojan can get Windows to disable its own antivirus software

A researcher using the pseudonym es3n1n has created a tool called Defendnot that manipulates Windows operating systems to disable Microsoft Defender, making devices vulnerable to malware. Defendnot simulates the presence of a legitimate antivirus by using an undocumented API in the Windows Security Center, convincing Windows that a valid antivirus is installed. This development raises concerns about cybersecurity, as it undermines the effectiveness of built-in antivirus protections like Windows Defender.

Tech Optimizer

February 28, 2025

TopTen Best Software Launches “The Ultimate Antivirus Buyer’s Guide” to Empower Consumers with Informed Security Choices

California-based TopTen Best Software has released "The Ultimate Antivirus Buyer's Guide: Tips for Choosing the Right Protection" to help users make informed decisions about antivirus software. The guide emphasizes understanding individual needs, recommending basic antivirus for casual users, multi-device coverage for small businesses, lightweight options for gamers, and software with parental controls for families. Key features to consider include real-time scanning, firewall protection, anti-phishing tools, VPN services, and password managers. Compatibility with operating systems and user experience are important factors, along with reliable customer support and independent lab test results. The guide advises comparing pricing and exploring free trials, highlighting that paid versions often offer better protection. Regular software updates are essential for optimal security, and TopTen Best Software provides side-by-side comparisons of antivirus products.

Tech Optimizer

December 11, 2024

Top 5 Reasons Cybersecurity Is a Huge Problem in Minnesota

Minnesota ranks 39th in the number of cybercrime victims per 100,000 residents and 8th in average loss per victim, indicating significant financial damage from cyber incidents. Many residents lack sufficient insurance for cyber-related losses, leaving them to bear recovery costs. Small businesses are particularly vulnerable to phishing and ransomware attacks, often unprepared for recovery. There is a lack of diversity in cybersecurity tools, with many relying solely on antivirus software and free solutions that offer inadequate protection. Awareness of essential tools like VPNs and anti-ransomware software is low. Limited public education on online safety leaves individuals and employees of small businesses susceptible to scams. The healthcare sector is frequently targeted by ransomware attacks, and local industries face unique cyber challenges due to outdated systems. Reliance on outdated technology increases vulnerabilities, as these systems often lack necessary security features and are incompatible with modern cybersecurity tools.

Tech Optimizer

November 27, 2024

Do Macs Need Antivirus Protection?

Mac computers by Apple are known for their design, performance, and security features, but they are not immune to viruses and malware. macOS includes built-in security measures like Gatekeeper, XProtect, and Sandboxing, which help protect against cyber threats, but these features are not foolproof. High-profile malware campaigns, such as Silver Sparrow and Shlayer, have targeted macOS, highlighting the need for user vigilance. Antivirus software can provide additional security by offering real-time monitoring, continuous scanning, and privacy tools. Users who engage only with trusted sites and download apps from the Mac App Store may find built-in protections sufficient, but risks remain, including zero-day vulnerabilities and phishing attempts. Enhancing security can involve enabling the firewall, keeping macOS updated, using strong passwords, and activating FileVault for data encryption. While antivirus may not be essential for all Mac users, it can offer peace of mind, depending on individual online habits and data sensitivity.

Tech Optimizer

November 26, 2024

Readers’ Choice 2024: The PC Security and Online Privacy Brands You Trust Most

PCMag has reviewed antivirus software since 1988 and evaluated over 150 security applications last year. A recent survey revealed consumer preferences for antivirus software and VPNs. For 2024, Proton emerged as the top VPN brand with a score of 9.0 out of 10, while Bitdefender was rated the most trusted antivirus brand, receiving a perfect five-star rating. Trend Micro won the Reader's Choice Award for security suites, surpassing Bitdefender. In mobile antivirus, Bitdefender was the preferred choice, excelling in most categories. The survey for Antivirus and Security Suites was conducted from September 10 to November 4, 2024.

Tech Optimizer

September 20, 2024

macOS Sequoia change breaks networking for VPN, antivirus software

Users of macOS 15, also known as 'Sequoia,' are experiencing network connection issues with certain endpoint detection and response (EDR) solutions, VPNs, and web browsers, particularly with CrowdStrike Falcon and ESET Endpoint Security. These problems seem to resolve when the tools are deactivated, indicating a compatibility issue with the operating system's network stack. Firewall configurations are causing packet corruption and SSL failures, affecting command-line tools like 'wget' and 'curl.' CrowdStrike has advised customers against upgrading to macOS 15 due to significant changes in networking structures, and similar warnings have been issued by SentinelOne Support. Users have reported connectivity issues with Mullvad VPN and corporate VPNs, while ProtonVPN appears to function without problems. ESET recommends removing ESET Network from the filters in System Settings to restore network functionality for certain versions of their software. Security researcher Wacław Jacek has suggested a temporary fix for firewall issues, and Mullvad VPN is aware of the problems and is working on a resolution. Users relying on EDR products, VPNs, or strict firewall configurations may want to delay upgrading to macOS 15 until these issues are resolved.

Winsage

September 19, 2024

Do You Need an Antivirus Program on Windows?

Antivirus software has evolved significantly, with many users now relying on the built-in Windows Security tool, which includes virus and malware protection, a firewall, and browser controls. Windows Security operates automatically, scanning for threats and updating virus definitions, while also providing device security features based on hardware. Although antivirus software offers additional features like VPNs, parental controls, and password managers, the necessity of installing such software depends on personal preference and risk tolerance. Regular updates for both Windows and web browsers are essential for security, as outdated software can be exploited by malware. Engaging in risky online behavior increases vulnerability, and while antivirus programs can enhance security, they are no longer essential for modern Windows systems.

AppWizard

August 10, 2024

Russia blocks access to Signal messaging app across the country

Russia's state communications authority, Roskomnadzor, has blocked access to the Signal messaging app due to alleged non-compliance with anti-terrorism regulations. Reports indicate that users began experiencing access issues on August 8, with Roskomnadzor stating that the blockade aims to prevent the use of the app for terrorist and extremist purposes. Speculation suggests the disruptions may be related to military actions by Ukraine, as Ukrainian Armed Forces are believed to use Signal for communication. Additionally, there have been reports of YouTube outages in Russia, with users experiencing service interruptions. An anonymous source claims the government has been throttling YouTube since July to shift blame onto Google, while the Kremlin attributes the issues to outdated equipment. YouTube remains a crucial platform for free expression in Russia, utilized by opposition figures and independent media.