methods

AppWizard
August 25, 2025
Zscaler's ThreatLabz team discovered 77 malicious Android applications on Google Play that collectively garnered over 19 million downloads. The Anatsa (TeaBot) banking trojan was identified as the main threat, evolving to target 831 banking and cryptocurrency apps. More than 66% of the malicious apps contained adware, while nearly 25% were infected with Joker malware, which can perform intrusive actions like sending texts and accessing sensitive information. A variant of Joker, named Harly, disguises itself within legitimate applications. Anatsa employs various evasion tactics, including using a decoy app to download its payload post-installation and altering package names to complicate detection. Following the findings, Google removed the identified malicious apps from the Play Store, and users are advised to ensure their Play Protect service is active and to take precautions if infected.
AppWizard
August 25, 2025
Starting in 2026, Google will only allow applications from verified developers to be installed on certified Android devices. This requirement targets certified Android devices with Play Protect and preloaded Google applications, extending to all installation methods, including third-party app stores and sideloading. The verification process will begin in October for select developers, with a wider rollout planned for March 2026. The requirement will take effect in September 2026 for users in Brazil, Indonesia, Singapore, and Thailand, and will be implemented globally in 2027. Google has received positive feedback from various government authorities regarding this initiative.
AppWizard
August 24, 2025
A study by Arizona State University and Citizen Lab found that three families of Android VPN apps, with over 700 million downloads, have significant security vulnerabilities. Apple has released a fix for a zero-day vulnerability (CVE-2025-43300) that was being exploited in targeted attacks. Researchers from the University of Melbourne and Imperial College London developed a method using lightweight large language models to improve incident response planning. The FBI and Cisco warned about a Russian threat group exploiting an old Cisco vulnerability (CVE-2018-0171) to compromise critical infrastructure. Fog Security researchers discovered a flaw in AWS’s Trusted Advisor tool that could mislead users about the security of their data. AI is now being used in security operations centers to reduce alert noise and assist analysts. U.S. federal prosecutors charged an individual linked to the Rapper Bot DDoS botnet. Nikoloz Kokhreidze discussed the strategic choice between hiring a fractional or full-time Chief Information Security Officer for B2B companies. Commvault patched four vulnerabilities that risked remote code execution. Jacob Ideskog highlighted security risks posed by AI agents. VX Underground released an exploit for two SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999). Healthcare organizations are preparing for new password security risks in 2025 that may threaten HIPAA compliance. Researchers identified a spear-phishing campaign using the Noodlophile infostealer. Financial institutions are increasingly using open-source intelligence tools to combat money laundering. Greg Bak discussed security risks for DevOps teams in the cloud. NIST released guidelines for detecting morph attacks. Organizations face six challenges in implementing machine learning and AI security. Recep Ozdag discussed vulnerabilities in airport and airline systems. Google introduced new AI and cloud security capabilities at the Cloud Security Summit 2025. 
Cybersecurity myths continue to complicate the security landscape. LudusHound is an open-source tool that replicates an Active Directory environment for testing. Buttercup is an AI-powered platform for automated vulnerability management in open-source software. The book "Data Engineering for Cybersecurity" addresses challenges in managing logs and telemetry data. A selection of current cybersecurity job openings has been compiled. A forthcoming webinar will discuss AI and SaaS security risks. The iStorage datAshur PRO+C is a USB-C flash drive with AES-XTS 256-bit hardware encryption. New infosec products were released by companies such as Doppel, Druva, LastPass, and StackHawk.
Tech Optimizer
August 23, 2025
pgEdge, Inc. has released pgEdge Platform v25, enhancing its distributed PostgreSQL solution for multi-master database workloads. Key features include true zero downtime capabilities for seamless node addition and PostgreSQL upgrades, automatic conflict resolution for various scenarios, and performance enhancements such as in-memory exception handling and precise lag tracking. An interactive installation script simplifies the setup process, while improvements in backup and restore functionalities are provided through integrated pgBackrest configuration. Upgrades to the Active Consistency Engine (ACE) enhance performance, flexibility, and automation for data discrepancy detection across nodes.
Winsage
August 23, 2025
Microsoft has extended security updates for Windows 10, allowing businesses more time to plan and manage migration without immediate disruptions. This extension helps IT teams mitigate short-term risks but may lead to complacency and delays in necessary upgrades. Organizations risk accumulating technical debt, becoming dependent on costly external partners, and missing out on innovations if they postpone migration. Maintaining outdated infrastructure can become more expensive than upgrading, and reliance on unsupported systems increases the risk of vendor lock-in. Continuous modernization is essential, and businesses should adopt strategies for migrating unsupported applications while ensuring operational continuity. The extension should be seen as a temporary measure rather than a permanent solution, emphasizing the need for ongoing modernization efforts.
Winsage
August 23, 2025
File system errors on Windows 10 and 11 can occur due to corrupted system files, faulty updates, bad sectors on the drive, malware infections, hardware issues, or application conflicts. Common error messages often include numeric codes indicating the type of problem. To fix these errors, users can follow several methods, starting with simpler solutions:
1. Restart the Computer: A simple restart can resolve temporary glitches.
2. Uninstall Problematic Windows Updates: If an error follows a recent update, uninstalling it may help.
3. Run DISM and SFC Commands: These commands repair the Windows system image and verify system files.
4. Run CHKDSK Command: This scans for bad sectors and repairs the file system structure.
5. Reset the Microsoft Store Cache: This clears the cache for Store-based apps without affecting installed apps.
6. Reinstall the Problematic Application: Uninstalling and reinstalling specific applications can resolve app-related errors.
7. Reset this PC: As a last resort, this option reinstalls Windows while allowing users to keep personal files or remove everything.
Each method is arranged from least to most disruptive, allowing users to stop once the error is resolved.
Winsage
August 22, 2025
Microsoft has introduced a new feature called "semantic file search" in its Copilot AI, allowing Windows users to find files using natural language queries within the Copilot app. Users can describe the type of file they need without knowing its exact name, improving upon previous search methods. To use this feature, users must have a Copilot+ PC and be members of the Windows Insider Program, as it is currently available only on the latest Windows 11 insider builds. The search function operates within the Recents folder, scanning only recently accessed files stored locally. Copilot can locate various file types, including image files, PDFs, Word documents, Excel spreadsheets, and text files. Users can also adjust permissions for what Copilot can access through the settings menu. Additionally, the Copilot app includes a "Get guided help with your apps" feature that initiates a Copilot Vision session for real-time assistance based on screen content. Microsoft is gradually rolling out these features, and users can confirm access to the new file search capabilities by checking that their Copilot version reads 1.25082.132.0 or higher.
AppWizard
August 22, 2025
Recent investigations by Arizona State University and Citizen Lab have revealed that several popular Android VPN applications are linked to entities in mainland China and Hong Kong, raising security concerns. These apps, which have millions of downloads, share ownership and infrastructure, and exhibit significant security flaws, including the collection of location data against privacy policies, outdated encryption methods, and hard-coded passwords that could compromise user traffic. One company manages all VPN servers for a second group of apps, while a third group is vulnerable to connection interference attacks. Notably, these VPN providers are connected to Qihoo 360, a Chinese company flagged as a potential national security threat, with ties to the Chinese military. The Tech Transparency Project reported that millions of Americans have downloaded apps that route internet traffic through Chinese companies, with one in five of the top 100 free VPNs in the U.S. App Store in 2024 being covertly owned by Chinese firms. Some VPNs have targeted younger audiences through social media ads, raising concerns about their marketing strategies. Qihoo 360 has been sanctioned and is on the Commerce Department’s Entity List, emphasizing the national security risks associated with these services. Users are advised to research their VPN providers to avoid affiliations with the Chinese Communist government.