We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

cybersecurity threats

Modernizing Public Sector IT with PostgreSQL
Tech Optimizer
May 20, 2025

Modernizing Public Sector IT with PostgreSQL

On June 24, 2025, a webinar will discuss how PostgreSQL can help government agencies modernize their IT infrastructures while maintaining security and managing costs. The session will cover PostgreSQL's capabilities in addressing legacy system migration, regulatory compliance, and its certifications like FedRAMP and DISA STIG that ensure it meets federal security standards. Gianni Cioli, a PostgreSQL consultant with over 15 years of experience, will be the speaker.
Microsoft Confirms Windows Is Under Attack — You Must Act Now
Winsage
May 14, 2025

Microsoft Confirms Windows Is Under Attack — You Must Act Now

Microsoft has confirmed multiple zero-day vulnerabilities being actively targeted by malicious actors. One significant vulnerability is CVE-2025-30397, a memory corruption flaw in the Windows scripting engine that affects all versions of Windows and allows code execution over the network. It has a CVSS score of 7.8 and is considered critical. Successful exploitation requires the target to use Edge in Internet Explorer Mode and for the user to click a malicious link. Other vulnerabilities include: - CVE-2025-32709: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows Server 12 and later. - CVE-2025-32701 and CVE-2025-32706: Vulnerabilities in the Windows Common Log File Driver System that could allow local attackers to gain system privileges, affecting all versions of Windows. - CVE-2025-30400: An elevation of privilege vulnerability in the Windows desktop window manager, affecting Windows 10, Server 2016, and later OS versions. Windows users are urged to update their systems with the latest security patches immediately.
'Intrusion Detection' might help Android 16 users catch suspicious phone activity
AppWizard
May 6, 2025

‘Intrusion Detection’ might help Android 16 users catch suspicious phone activity

Google is set to introduce a security feature called "Intrusion Detection" in its upcoming Android 16, aimed at enhancing user security against threats. This feature, found in a beta version of the Google Play Services app, will log encrypted entries of essential device information to help users identify suspicious activity. "Intrusion Detection" is expected to be part of the Advanced Protection Program, which includes measures against malicious downloads and supports passkey sign-ins, moving away from traditional passwords. The feature's development has progressed, but it is unclear if it will launch with Android 16 or later. Android 16 Beta 4 was released to testers in mid-April, leading up to the anticipated full launch in May 2025.
Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses
Tech Optimizer
May 5, 2025

Chimera Malware: Outsmarting Antivirus, Firewalls, and Human Defenses

X Business, an e-commerce store specializing in handmade home décor, experienced a cybersecurity incident involving a malware strain called Chimera. The attack began during a routine update to their inventory management system and escalated within 12 hours, resulting in halted customer orders, locked employee accounts, and a crashed website. The attackers demanded a ransom of 0,000 in cryptocurrency, threatening to expose sensitive customer data. Chimera is an AI-driven malware that adapts its code to evade detection, targeting both Windows and macOS systems. It exploited a zero-day vulnerability in Windows' Print Spooler service and bypassed macOS security measures by forging code signatures. The malware used social engineering tactics to deceive employees into activating malicious payloads, leading to compromised systems and encrypted customer data. The recovery process took 48 hours, utilizing cybersecurity tools like CrowdStrike Falcon and SentinelOne Singularity to identify and isolate the malware. Data restoration was achieved through Acronis Cyber Protect and macOS Time Machine, while vulnerabilities were addressed with Qualys and emergency patch deployment via WSUS. The network security framework was improved using Cisco Umbrella and Zscaler Private Access to implement a Zero Trust architecture. The incident highlights the need for small enterprises to adopt proactive cybersecurity strategies, including a 3-2-1 backup approach, Zero Trust models, investment in AI-driven defense tools, and employee training to recognize social engineering attempts.
App Developer Magazine may 2025
AppWizard
May 2, 2025

App Developer Magazine may 2025

Google's Play Store has undergone a significant overhaul, resulting in a 47% reduction in app listings due to stricter enforcement, enhanced developer verification, and AI-driven moderation. This change aligns Google more closely with Apple's curated ecosystem. New tools in the Play Console Insights are designed to improve app performance for developers. Apple has achieved a milestone in emissions reduction and is preparing for WWDC 2025 on June 9. Blizzard's Diablo 4 has introduced a new mechanic called Piranhado, and SEMO has launched a game development degree program. Nutrient is expanding its cloud services, and student-led initiatives are addressing cybersecurity threats in universities. AI developments include a smart builder for converting spreadsheets into applications and AutonomyAI's autonomous agent platform.
12 Android apps secretly recorded your conversations
AppWizard
April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
Winsage
April 17, 2025

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

CVE-2025-24054 is a vulnerability that allows attackers to capture NTLMv2-SSP hashes from a victim's machine during authentication requests to an attacker-controlled SMB server. Active exploitation of this vulnerability has been observed since March 19, 2025, targeting government and private sectors in Poland and Romania. The attacks involve phishing emails that lead victims to download an archive file containing exploits designed to leak NTLMv2-SSP hashes. Microsoft has released patches for this vulnerability, but users on older, unsupported versions may need to consider micropatching.
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
Winsage
April 8, 2025

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

April 2025 Patch Tuesday introduced fixes for over 120 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS), allowing privilege escalation to SYSTEM on compromised Windows machines. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. Updates for Windows 10 are not yet available. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, both unauthenticated user-after-free vulnerabilities in Windows LDAP, and CVE-2025-27480 and CVE-2025-27482 in Windows Remote Desktop Services. None of these vulnerabilities have been patched for Windows 10 systems, but updates are forthcoming. Microsoft reversed its decision to discontinue driver update synchronization to WSUS servers, confirming that WSUS will continue to synchronize driver updates.
Ahead of Signal leak, Pentagon warned of app's weaknesses
AppWizard
March 28, 2025

Ahead of Signal leak, Pentagon warned of app’s weaknesses

The Pentagon has issued a warning about the security of the messaging application Signal, advising against its use for any communications, including unclassified ones, due to concerns over hacking vulnerabilities following a significant leak. This advisory reflects an increased awareness of cybersecurity threats and the need for robust security measures in communications, prompting individuals and organizations to reconsider their reliance on Signal and explore alternatives.
Search