methods Archives

Tech Optimizer

June 5, 2025

CISA releases TTPs & IoCs for Play Ransomware That Hacked 900+ Orgs

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include: - SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E - Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A - PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7 - HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549 - Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6

AppWizard

June 5, 2025

Emerging online scams are making users more vigilant, says Google

Over 60% of U.S. consumers have encountered scams, indicating a growing awareness of digital threats. More than 60% of Gen X and Baby Boomers still use traditional passwords, while younger generations prefer passkeys. Google has enhanced scam detection capabilities on Android devices, introducing features to identify potential scams in calls and texts. Over 60% of consumers perceive an increase in scams over the past year, with one-third reporting personal data breaches. Google promotes passwordless sign-in options like passkeys and "Sign in with Google" to improve security. Recent updates include enhanced scam detection in Google Messages and Chrome, and the Safety Check feature in Chrome now monitors for malicious notifications. Google has also released findings on prevalent scams, such as customer support fraud and package tracking schemes.

Tech Optimizer

June 4, 2025

Migrate Google Cloud SQL for PostgreSQL to Amazon RDS and Amazon Aurora using pglogical

PostgreSQL is a popular open-source relational database used by enterprise developers and startups, enabling rapid prototyping and supporting mission-critical applications. Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL-Compatible Edition facilitate easy setup, operation, and scaling of PostgreSQL deployments in the AWS Cloud, automating administrative tasks like software installation, storage management, and backups. The pglogical extension, compatible with PostgreSQL versions 9.4 and higher, allows for asynchronous replication and is supported on RDS for PostgreSQL and Aurora PostgreSQL from version 12. It uses a publisher/subscriber model for logical streaming replication. To migrate a PostgreSQL database from Google Cloud SQL to RDS for PostgreSQL or Aurora PostgreSQL, users must configure the primary database in Cloud SQL, create a PostgreSQL user with replication privileges, enable logical replication parameters, and create the pglogical extension. The RDS instance also requires a special user for replication, enabling logical replication parameters and creating the pglogical extension. Known limitations of pglogical include the inability to replicate primary key changes directly, the need to manually transfer extensions, and the lack of support for materialized views and large objects. Workarounds involve using surrogate keys for primary keys, manually creating extensions, and converting large objects to bytea columns or storing them in Amazon S3. DDL statements are not automatically replicated, but can be queued using the pglogical.replicate_ddl_command function.

Tech Optimizer

June 4, 2025

Do I need an antivirus and a VPN?

Reliance on antivirus software for device protection is common, but certain threats, especially ransomware, can bypass even the best solutions. Cybercriminals have shifted tactics from encrypting data for ransom to exfiltrating sensitive information and threatening to leak it. The availability of ransomware kits and the use of AI by attackers have made cybercrime more accessible and targeted. Remote work environments increase vulnerabilities, as hackers exploit unsecured networks and personal devices. Antivirus software can help protect against malware and viruses, but built-in solutions often lack comprehensive security. A high-quality antivirus program can enhance protection through advanced features and AI. A Virtual Private Network (VPN) encrypts data and secures internet traffic, making it a valuable tool for cybersecurity. Implementing a VPN is cost-effective compared to potential data breach costs. Using both a VPN and antivirus software is essential for comprehensive coverage, as they address different security aspects. Businesses may need advanced endpoint protection solutions for heightened security, which continuously scans for suspicious behavior and integrates multiple security features. Despite these tools, proper personal practices and cybersecurity awareness are crucial to minimize vulnerabilities and human error, which is a leading cause of cyberattacks.

AppWizard

June 4, 2025

Meta Pixel halts Android localhost tracking after disclosure

Security researchers have found that Meta and Yandex used native Android applications to access localhost ports, allowing them to link web browsing data with user identities and bypass privacy protections. Following these findings, Meta stopped its data transmission to localhost and removed much of the tracking code to comply with Google Play policies. A report from researchers at IMDEA Networks, Radboud University, and KU Leuven detailed how apps like Facebook and Instagram collected web cookie data via the loopback interface. This method allowed the companies to associate browsing sessions with user identities, undermining privacy measures. Meta's tracking process involved the Meta Pixel script, which transmitted cookies to native apps through various protocols. Meta began using this technique in September 2024 but ceased these practices by June 3rd, 2025. Yandex's localhost tracking dates back to 2017, and while they did not respond to inquiries, browser vendors have implemented mitigations against these practices. Proposed solutions include a new permission for local network access to prevent such tracking in the future.

AppWizard

June 3, 2025

Facebook, Yandex Apps Secretly Track Users Via Hidden Ports, Research Claims

Recent findings from IMDEA Networks Institute indicate that Facebook and Instagram apps have been tracking Android users' web browsing activities without consent, bypassing privacy controls and functioning even in incognito mode. This tracking affects millions of websites using Meta's tracking code. Yandex has employed similar tracking techniques since 2017, creating a cross-platform surveillance network. The tracking exploits Android’s permission system by establishing background services that listen on network ports, allowing the apps to capture browsing data and associate it with users' accounts. Meta's pixel is present on about 5.8 million websites, while Yandex Metrica is on around 3 million sites, potentially impacting billions of users. Approximately 78% of sites with Meta’s pixel and 84% of Yandex's sites attempted localhost communications without user consent. This tracking method operates at the operating system level, unaffected by cookie clearing, incognito modes, or privacy settings. Researchers have demonstrated that malicious apps could exploit this technique to gather users' browsing histories. Many website operators were unaware of these localhost communications, leading to confusion and complaints. In response, major browser vendors are implementing measures to block these tracking methods. Meta ceased this tracking on June 3rd, coinciding with the research's public release. The research highlights a significant security gap in mobile platforms regarding localhost communications, emphasizing the need for stricter policies and vetting processes.

Tech Optimizer

June 3, 2025

I learned these 6 antivirus myths for PCs are completely wrong

Antivirus software on Windows was once essential due to security vulnerabilities, but built-in protection in Windows 8 and later versions often suffices for everyday use. Modern third-party antivirus applications are designed to be efficient and have minimal impact on system performance. All operating systems, including macOS, Linux, iOS, and Android, are susceptible to malware, contrary to the belief that only Windows needs antivirus protection. Manual virus scans are no longer necessary as modern solutions provide real-time monitoring. Antivirus software should be part of a broader security strategy that includes regular updates and secure online practices. Relying solely on cautious behavior is insufficient, as threats can emerge from various sources. Using antivirus software is still recommended, and users can complement built-in security features with third-party solutions.

Tech Optimizer

June 3, 2025

How we test antivirus software

Robust antivirus software is essential for protecting sensitive data in personal and business contexts. Different antivirus solutions vary in malware detection and overall protection. The ideal antivirus balances comprehensive coverage with system performance. Resources like AV-Comparatives and AV-Test provide impartial testing of antivirus capabilities, including real-world protection tests and evaluations of false alarms. Performance and customer support are critical factors in antivirus software evaluation. The impact on device speed and resource consumption is important, as is the quality of customer support for troubleshooting. Reliable support options enhance user satisfaction. Thorough testing of antivirus software is crucial due to the evolving tactics of cybercriminals. Not all antivirus solutions are equally effective, and rigorous evaluation helps identify subpar options and false positives. Free antivirus options may suffice for casual users, but premium versions often offer better features and protections. Meticulous testing ensures that security software meets its promises and helps users make informed decisions.

AppWizard

June 3, 2025

This Android loophole could have let your apps spy on your web browsing

Meta and Yandex have exploited a loophole in the Android operating system, allowing them to link web browsing data with app identities, bypassing privacy measures like incognito mode. This was revealed by researchers from the Local Mess project, who found that tracking scripts (Meta Pixel and Yandex Metrica) embedded in millions of websites transmit data from web browsers to apps such as Facebook, Instagram, and Yandex Maps through local network connections. Meta began using this technique in late 2024, while Yandex has been doing so since 2017. The loophole allows browser data to be sent to localhost, enabling apps to access it without user notification. In response, Meta has paused the feature and is working with Google to address the issue, which Google acknowledges violates Play Store policies. Some browsers are blocking this tracking, but researchers warn that solutions may be temporary without stricter restrictions on app access to local ports. The study indicates that most sites using these trackers start data collection immediately upon visiting, often before consent is requested. To prevent this tracking, users are advised to uninstall the affected applications.

AppWizard

June 2, 2025

Explore New Worlds and Sounds: How to Safely Download Minecraft APK and Spotify Premium APK

Smartphones are essential for accessing creative and entertainment applications like Minecraft and Spotify. The Minecraft APK allows users to play the game on unsupported devices, access updates without delays, and experiment with mods. The Spotify Premium APK enables ad-free streaming, offline downloads, and superior sound quality. Safe downloading involves choosing trusted sources, enabling "Unknown Sources" in device settings, installing cautiously while monitoring permissions, and keeping the device updated to prevent vulnerabilities.