vulnerability management Archives

AppWizard

June 2, 2025

Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands

On May 30, 2025, CERT Polska disclosed three security vulnerabilities affecting preinstalled Android applications on Ulefone and Krüger&Matz smartphones: CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917. - CVE-2024-13915: The com.pri.factorytest application allows any app to invoke the FactoryResetService, enabling unauthorized factory resets due to improper export controls (CWE-926). - CVE-2024-13916: The com.pri.applock application exposes a public method that allows malicious apps to steal the user’s PIN, representing an exposure of sensitive system information (CWE-497). - CVE-2024-13917: The exported activity in com.pri.applock allows privilege escalation by enabling malicious apps to inject intents with system-level privileges if they have access to the compromised PIN (CWE-926). Users of affected devices are advised to seek firmware updates or mitigations from their vendors.

Tech Optimizer

May 27, 2025

Microsoft Defender vs Bitdefender: Compare Antivirus Software

eSecurity Planet maintains editorial independence in content and product recommendations, ensuring financial gain from partner links does not influence information integrity. Microsoft Defender and Bitdefender are prominent small business security providers. Microsoft Defender is ideal for larger SMBs, starting at .00 per user per month, while Bitdefender is suited for startups with over 10 employees, starting at .33 per user per month. Microsoft Defender Overview: - Overall Rating: 3.7/5 - Pricing: 4.4/5 - Features: 3.4/5 - Ease of Use and Administration: 3.8/5 - Customer Support: 3.7/5 - Features include next-gen antivirus, vulnerability management, and EDR. Bitdefender Overview: - Overall Rating: 3.4/5 - Pricing: 3.8/5 - Features: 3/5 - Ease of Use and Administration: 3.4/5 - Customer Support: 4/5 - Features include identity protection, a VPN, and a password manager. Pricing Comparison: - Microsoft Defender: Free Trial: 90 days; Least Expensive Plan: .00/user/month; Mid-Range Plan: .50/user/month; Most Expensive Plan: .00/user/month. - Bitdefender: 30-day money-back guarantee; Least Expensive Plan: .33/user/month; Mid-Range Plan: Not specified; Most Expensive Plan: Not specified. Feature Comparison: - Microsoft Defender offers robust endpoint protection but lacks clarity on web browsing protection and ad-blocking. - Bitdefender offers identity exposure protection, a VPN, and a password manager but also lacks web browsing and ad-blocking features. Ease of Use and Administration: - Microsoft Defender supports macOS, Windows, and Linux Server; Bitdefender supports macOS and Windows but lacks Linux support. Customer Support Comparison: - Microsoft provides phone and live chat support; Bitdefender offers email and chat support, with limited phone support for small business users. Alternative Solutions include Norton, McAfee, and Trend Micro, each offering different features and pricing structures. Evaluation Methodology focused on pricing, features, ease of use, and customer support, with Microsoft winning in pricing, features, and ease of use, while Bitdefender excelled in customer support.

AppWizard

May 14, 2025

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting user accounts that have not applied necessary fixes. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application’s developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.

Winsage

April 28, 2025

While Windows 10 users panic, Ubuntu makes extending support easy

Ubuntu offers a service called Ubuntu Pro that allows home users to extend support for Ubuntu 20.04 at no cost through Extended Security Maintenance (ESM), providing a decade of vulnerability management for critical, high, and select medium security issues. Ubuntu 20.04, launched in 2020, has five years of support remaining. Users can create a free Ubuntu Pro account to link their operating system to ESM, which can be done by executing the command "sudo pro attach TOKEN" after obtaining a unique token from their account. ESM is available for all Long Term Support (LTS) versions of Ubuntu, including 20.04, 22.04, and 24.04, with support lasting until 2030, 2032, and 2034, respectively.

Winsage

March 12, 2025

Microsoft patches Windows Kernel zero-day exploited since 2023

ESET has identified a zero-day vulnerability in the Windows Win32 Kernel Subsystem, designated as CVE-2025-24983, which has been exploited since March 2023. This vulnerability, stemming from a use-after-free weakness, allows low-privileged attackers to escalate access to SYSTEM privileges without user interaction. It primarily affects older Windows versions, including Windows Server 2012 R2 and Windows 8.1, but also poses risks to newer versions like Windows Server 2016 and Windows 10 (build 1809 and earlier). The exploit was first seen in the wild in March 2023, targeting systems compromised by the PipeMagic malware. Microsoft has addressed this vulnerability in the recent Patch Tuesday updates. Additionally, five other zero-day vulnerabilities were also patched, and CISA has mandated that Federal Civilian Executive Branch agencies secure their systems by April 1st.

Winsage

March 4, 2025

CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a command injection vulnerability (CVE-2023-20118) affecting Cisco Small Business RV Series Routers, which are end-of-life. This vulnerability, rated 6.5 on the CVSSv3.1 scale, allows authenticated attackers to execute arbitrary commands with root privileges. The affected models include RV016, RV042, RV042G, RV082, RV320, and RV325, running firmware versions released before April 2023. Cisco will not provide patches for these devices. CISA mandates that federal agencies either implement mitigations or stop using the routers by March 24, 2025. Private organizations are also encouraged to address the issue, especially due to exploitation attempts linked to the PolarEdge botnet campaign. Administrators are advised to restrict administrative access, monitor logs for unusual activity, and consider decommissioning affected devices. The continued use of unpatched routers poses significant risks to critical infrastructure, particularly in small business and remote work environments.

Tech Optimizer

February 7, 2025

What is Managed Endpoint Protection?

Managed Endpoint Protection involves outsourcing endpoint security for devices like laptops, desktops, and servers to specialized providers. These services offer continuous monitoring, automated responses, and compliance checks, utilizing advanced analytics and real-time threat intelligence. Key features include continuous monitoring, automated threat containment, vulnerability management, forensic analysis, compliance tools, and threat hunting. Managed services address various threats such as ransomware, phishing, zero-day exploits, credential theft, insider threats, DDoS attacks, and data exfiltration. Benefits include 24/7 expert coverage, access to specialized threat intelligence, faster incident response, reduced operational complexity, predictable pricing, and improved compliance. Challenges include the rapidly evolving threat landscape, skills shortage, budget constraints, and ensuring real-time visibility. Best practices for implementation involve maintaining asset inventories, defining roles, fine-tuning detection thresholds, conducting regular drills, and integrating with broader security measures. When choosing a provider, factors to consider include technical expertise, service level agreements, integration capabilities, pricing, compliance, and ongoing support. SentinelOne offers an autonomous cybersecurity platform that enhances endpoint security through superior visibility, automated responses, and customizable features.

Winsage

December 17, 2024

New Microsoft Windows Security Deadline—CISA Says Update Before Jan. 6

CISA has added the Microsoft Windows kernel security vulnerability CVE-2024-35250 to its Known Exploited Vulnerabilities catalog, requiring organizations to address it by January 6, 2025. This vulnerability, characterized as a "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability," allows attackers to escalate privileges from local user to administrator and was patched in June 2024. The attack complexity is rated as low, making it easier to exploit. CISA advises all organizations to prioritize remediation of this vulnerability, which affects all versions from Windows 10 and Windows Server 2008 onward.

Winsage

December 13, 2024

Ready to ditch Windows? 5 factors to help you decide between Linux or MacOS

Microsoft will end support for Windows 10 in October 2025, leaving users vulnerable to security threats without updates. Upgrading to Windows 11 requires hardware compatibility checks. MacOS is free but requires expensive Apple hardware, while Linux can be downloaded for free and installed on multiple machines. MacOS limits users to three hardware options, whereas Linux offers a wide range of hardware choices and customization options. MacOS is user-friendly but less customizable, while Linux provides extensive personalization. Open-source Linux software typically receives faster security updates compared to proprietary systems like MacOS. Both Linux and MacOS are reliable, with Linux often considered more stable than MacOS.

Winsage

October 28, 2024

Tenable reveals vulnerability in Open Policy Agent for Windows

Tenable has identified a vulnerability, tracked as CVE-2024-8260, affecting all versions of Open Policy Agent (OPA) for Windows prior to version 0.68.0. This medium-severity Server Message Block (SMB) force-authentication vulnerability arises from improper input validation, allowing an arbitrary SMB share to be passed instead of a legitimate Rego file. This can lead to unauthorized access and the leakage of a user's Net-NTLMv2 hash, posing a significant security threat. Organizations using older versions of OPA on Windows are advised to update to version 0.68.0 to mitigate this risk.