investigation Archives

AppWizard

April 6, 2025

Pentagon inspector general investigating Hegseth’s use of Signal messaging app

DoD's acting Inspector General, Steven Stebbins, is reviewing Defense Secretary Pete Hegseth's use of the Signal app for operational airstrike discussions in Yemen to evaluate compliance with policies on commercial messaging for official communications and classification mandates. Concurrently, House Oversight Committee Democrats are investigating the Department of Government Efficiency's data usage, while OPM is directing agencies to revise performance review processes to prioritize adherence to presidential policies. The Defense Department has mandated public reporting of canceled contracts linked to Trump's efficiency initiatives. The SSA is tightening identity-proofing requirements for benefit applications, discontinuing phone verification options. During a nomination hearing, Trump’s nominees for OPM and OMB faced questions regarding federal workforce reductions. The Army has abandoned plans for a billion-dollar software development contract after feedback on draft RFPs. Employees at the IMLS have been placed on administrative leave amid concerns over the agency's future and grant disbursement obligations following Trump's executive order aimed at eliminating smaller entities.

AppWizard

April 3, 2025

This sneaky Android spyware needs a password to uninstall. Here’s how to remove it without one

Consumer-grade phone surveillance applications are becoming more sophisticated and difficult to remove. A recent investigation revealed an Android monitoring app that requires a password for uninstallation, trapping users who want to remove it. This spyware uses an Android feature to overlay content, displaying a password prompt when users attempt to uninstall it. The password is set by the person who installed the app, complicating removal. A workaround involves rebooting the device into "safe mode," which temporarily disables third-party apps, allowing users to uninstall the spyware without encountering the password prompt. These spyware applications are often marketed as parental control or employee tracking tools but can be classified as "stalkerware," with some promoting surveillance of partners without consent, which is illegal. Spyware is typically downloaded from unofficial sources and installed by individuals with physical access to the target device. It may hide its icon and continuously upload sensitive data to a web dashboard accessible by the abuser. Identifying such spyware can be difficult, as it may appear as a benign app in Android settings. To identify and remove Android password-enabled spyware, users should have a safety plan before proceeding. A general guide for spyware removal suggests checking for unfamiliar device admin apps, as these may indicate spyware presence. Users can enter safe mode by holding the power button, selecting "power off," and confirming the reboot into safe mode. In safe mode, users can check for and deactivate any suspicious device admin apps, then uninstall the spyware from the apps section in settings. After removal, users should secure their devices with a complex passcode and protect online accounts linked to the device. Staying vigilant about digital security is essential to reduce the risk of invasive technologies. Resources are available for those who suspect their phone has been compromised by spyware.

Tech Optimizer

March 31, 2025

Fileless XMRig-C3 Cryptominer Targets PostgreSQL Servers

Wiz Threat Research has reported a new variant of a malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers, attributed to the threat actor JINX-0126. This actor exploits vulnerable PostgreSQL instances with weak login credentials to gain unauthorized access and deploy XMRig-C3 cryptominers. The campaign has evolved to include advanced evasion techniques, such as using unique hashes for binaries and executing payloads in a fileless manner to avoid detection. The analysis indicates that the threat actor assigns unique mining workers to each victim, with three distinct wallets identified, suggesting over 1,500 affected victims. Nearly 90% of cloud environments host PostgreSQL instances, with about one-third publicly exposed. The threat actor scans for poorly configured services, exploiting default weak credentials to gain access and execute malicious payloads. Upon successful login, the actor performs reconnaissance and executes a dropper script to deploy an obfuscated Golang binary, which contains an encrypted configuration with critical system information. The malware establishes persistence by creating cron jobs and modifying access controls. The actor also creates high-privilege roles for continued access and weakens the default admin user. The analysis identified three wallets associated with the campaign, with each wallet having around 550 workers. The Wiz Dynamic Scanner can identify exposed PostgreSQL services, while the Wiz Runtime Sensor detects malicious activities associated with this threat. The report includes specific wallet addresses, a file hosting service, and file hashes related to the malware. Techniques used by the malware align with various MITRE ATT&CK® techniques, including credential access, defense evasion, and resource hijacking.

AppWizard

March 28, 2025

Was the Signal Chat Illegal?

Some Democrats are claiming that the unintentional inclusion of a journalist in a Trump administration group chat about a military operation in Yemen may be criminal, with legal experts suggesting it could breach the Espionage Act. The chat took place on Signal and involved high-ranking national security officials, including Defense Secretary Pete Hegseth, who reportedly shared details about imminent military strikes. The Department of Defense prohibits sharing non-public information through messaging apps, and the Pentagon later warned of vulnerabilities in Signal that could be exploited by Russian hackers. House Speaker Mike Johnson called the use of Signal a "mistake," while several Democrats, including Sen. Elizabeth Warren and Rep. Jim Himes, expressed outrage and called for accountability. Legal experts stated that the chat likely violated the Espionage Act due to potential gross negligence in handling sensitive information. Despite the serious implications, there is skepticism about any prosecution occurring against those involved. The use of Signal raises concerns regarding compliance with federal open-records laws, as messages can be automatically deleted.

AppWizard

March 27, 2025

Bleach Rebirth of Souls patch notes for the game’s absolutely busted PC version

Bleach Rebirth of Souls has faced significant performance issues on PC since its release, with many players experiencing crashes and graphical glitches that prevent them from completing the tutorial. Bandai Namco has issued Version 1.03 patch notes to address these problems, marking their second attempt to improve the game within a week. Key fixes include resolving crashes during Story Mode, menu navigation, and online matches, as well as improving overall stability. The game currently holds a Mixed review rating on Steam. Bandai Namco encourages players to report ongoing issues, providing specific information such as GPU, CPU, operating system, and details of the issue to assist in their investigation. Players are also advised to send crash report files to customer support instead of posting them publicly.

AppWizard

March 27, 2025

What Is Signal, the App Used by Trump Staff, and Is It Safe?

The Trump administration is under scrutiny for officials using the messaging app Signal for discussions about sensitive military operations, revealed in an article by Jeffrey Goldberg on March 24. Secretary of Defense Pete Hegseth and others discussed military actions in Yemen via Signal, despite prior warnings from the U.S. government against using such applications for official communications. Democratic lawmakers, including Senator Chuck Schumer, are calling for an investigation into potential national security breaches. Signal, launched in 2014, emphasizes privacy through end-to-end encryption and has gained popularity among activists. However, its use in government contexts is contentious, with previous reprimands for non-compliance with federal record preservation requirements. Concerns have been raised about sharing sensitive information on Signal, although intelligence officials stated that no classified information was exchanged in the Trump officials' conversations. The Pentagon has warned military personnel about using Signal due to risks from Russian hackers, and experts suggest that government-specific communication tools would provide a higher level of security.

AppWizard

March 26, 2025

Devious new Android malware uses a Microsoft tool to avoid being spotted

Cybercriminals are using legitimate software tools to create deceptive Android applications that steal sensitive user information. McAfee's findings indicate that hackers are exploiting the .NET MAUI framework to develop sophisticated malware that can evade traditional antivirus detection. The malware uses a multi-stage dynamic loading process, incrementally loading and decrypting code, making it difficult for security software to identify the applications' true nature. Hackers add extraneous settings and permissions to confuse security scanners and use encrypted communications for data transmission instead of standard internet requests. These malicious applications are not found in reputable app stores like Google Play but are distributed through unofficial app stores, often accessed via phishing links. Examples include a counterfeit banking app and a fraudulent social networking service targeting the Chinese-speaking community. The main goal of these apps is to secretly extract user data and send it to the attackers' servers. Users are advised to download apps only from official repositories and to be cautious by reviewing user feedback before installation.

AppWizard

March 26, 2025

How secure is signal? The messaging app used by Trump team to share war plans

Senior officials from the Trump administration accidentally shared sensitive military discussions on the encrypted messaging platform Signal, leading to calls from Democratic lawmakers for a congressional investigation. A journalist was mistakenly included in a group chat, giving him access to confidential conversations about military operations in Yemen. Signal is an open-source messaging platform known for its end-to-end encryption and prioritizes user privacy by retaining minimal data. User chats and contacts are stored locally on devices, and the app allows for automatic deletion of conversations. Signal operates independently of government servers and does not use governmental encryption methods. Cybersecurity expert Rocky Cole stated that the risk of discussing sensitive information on Signal is less about its security and more about the potential compromise of the mobile device itself.

Winsage

March 26, 2025

Windows 11 update breaks Veeam recovery, causes connection errors

Microsoft and Veeam are addressing connection errors affecting users of Windows 11 24H2 systems, particularly those restoring data with Veeam Recovery Media on builds 26100.3194 and higher. The errors occur when attempting to restore files from a Veeam Backup & Replication server or SMB network share, with messages indicating network connection failures and issues with the Local Security Authority. Veeam suggests using Recovery Media from older Windows 11 builds (26100.3037 or lower) as a temporary solution. Veeam clarified that they cannot provide pre-generated Recovery Media images due to proprietary components. Over 550,000 customers use Veeam products, including 82% of Fortune 500 companies. In February, Microsoft also addressed issues related to the KB5051987 update that affected Outlook functionalities on Windows 24H2 systems.

Winsage

March 26, 2025

Chrome failed to install on Windows PCs, but Google has issued a fix

Several Reddit users have reported difficulties installing Google Chrome on Windows PCs, a problem also experienced by the Laptop Mag team on multiple Windows 11 laptops. Users noted that the direct download from Google was problematic, while a workaround using the installer from ninite.com was successful. Issues were reported on both Windows 10 and 11, with speculation about a glitch in the latest installer release. Google acknowledged the issue and confirmed a fix had been implemented, allowing successful installations afterward. A step-by-step guide for resolving the installation hurdle was provided, recommending the use of an offline installer named “ChromeStandAloneSetup64.”