Network Connections

Winsage
June 15, 2025
Adjusting operating system settings is essential for safeguarding your digital environment. To enhance security on public Wi-Fi networks, disable the network discovery feature by navigating to Settings > Network & Internet > Advanced Network Settings > Advanced Sharing Settings and toggling off "Network Discovery" for both Public and Private Networks. It is advisable to turn off the File and Printer Sharing setting in the same menu to further protect your system. To manage Clipboard History, which saves everything copied, right-click the Start button, go to Settings > System > Clipboard, and toggle off Clipboard history to prevent sensitive information from being stored. You can control background apps by navigating to Settings > Apps > Installed Apps, selecting the app, and choosing 'Never' under 'Background Apps Permissions' to prevent it from running in the background. To disable Remote Assistance, go to Settings > System > About > Advanced System Settings > Remote tab and uncheck the option for Remote Assistance connections. For Remote Desktop, toggle off the Remote Desktop option in Settings > System. To prevent Windows from automatically reconnecting to previously used public networks, navigate to Settings > Network and Internet > Wi-Fi > Manage Known Networks and uncheck the Connect Automatically When in Range box for those networks.
AppWizard
June 3, 2025
Meta and Yandex have exploited a loophole in the Android operating system, allowing them to link web browsing data with app identities, bypassing privacy measures like incognito mode. This was revealed by researchers from the Local Mess project, who found that tracking scripts (Meta Pixel and Yandex Metrica) embedded in millions of websites transmit data from web browsers to apps such as Facebook, Instagram, and Yandex Maps through local network connections. Meta began using this technique in late 2024, while Yandex has been doing so since 2017. The loophole allows browser data to be sent to localhost, enabling apps to access it without user notification. In response, Meta has paused the feature and is working with Google to address the issue, which Google acknowledges violates Play Store policies. Some browsers are blocking this tracking, but researchers warn that solutions may be temporary without stricter restrictions on app access to local ports. The study indicates that most sites using these trackers start data collection immediately upon visiting, often before consent is requested. To prevent this tracking, users are advised to uninstall the affected applications.
Tech Optimizer
May 27, 2025
Hackers are increasingly targeting the startup sequence of systems, focusing on BIOS, UEFI, and bootloaders, which allows them to bypass traditional operating system defenses. Firmware threats often evade conventional security measures, providing attackers with a persistent foothold. Notable bootkits like BlackLotus, BootHole, and EFILock exploit vulnerabilities in boot components, even those protected by Secure Boot. Attackers can embed malicious code in firmware or replace legitimate bootloaders, maintaining control through OS reinstalls and hardware replacements. Common attack vectors include compromised storage, network connections, or console inputs during boot. Malicious code can execute before security software activates, and attackers may exploit misconfigured or outdated signature databases, as well as downgrade attacks on older firmware versions. To mitigate these threats, organizations should enforce Secure Boot policies, regularly update signature databases, and monitor boot behavior for anomalies.
Winsage
May 15, 2025
The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an admin user to stop or restart the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.
Tech Optimizer
May 6, 2025
Databricks Inc. is in advanced discussions to acquire Neon Inc., a startup specializing in a commercial version of the open-source PostgreSQL database, with the deal anticipated to exceed billion. Neon, based in San Francisco, has raised over 0 million in funding, including contributions from Microsoft's M12 fund. Neon’s PostgreSQL distribution features a serverless architecture that dynamically adjusts hardware resources based on workload demands, allowing for separate provisioning of storage and processing power. It also includes an innovative connection pooling feature to minimize resource drain when establishing network connections. Neon enhances its offering with a cybersecurity tool for granular user access control and the ability to revert databases to previous states in case of data loss. Databricks' interest in Neon may be linked to its suitability for AI applications, as it supports vector storage and can provision new database instances in as little as one second. Databricks has been actively pursuing acquisitions to enhance its AI capabilities, including recent purchases of Fennel AI Inc., Lilac AI Inc., and MosaicML Inc.
Winsage
April 30, 2025
Windows Task Manager has been enhanced in Windows 11, featuring a streamlined interface and improved functionality. Alternatives to Task Manager include:
- System Informer: A free, open-source tool that monitors system resources with real-time performance graphs and detailed process information. It displays CPU, memory, and disk usage, tracks file access, and offers advanced features like call stack traces.
- System Explorer: Integrates system monitoring with security features, providing a clean interface for exploring processes, modules, and network connections. It includes a built-in file database and VirusTotal integration for security assessments.
- Process Lasso: Extends Task Manager capabilities by allowing users to adjust CPU priority and core affinities. Features include ProBalance for automatic CPU adjustments, performance mode for optimizing CPU usage, IdleSaver for power management, and SmartTrim for memory optimization.
- Process Explorer: A Sysinternals tool that offers a detailed view of running processes in a hierarchical tree format, showing user, PID, and resource usage. It includes a search capability for identifying resource usage and integrates with VirusTotal for security checks.
- Task Manager DeLuxe (TMX): A portable task management tool that consolidates system stats across multiple tabs, providing quick access to CPU and memory usage, along with graphical representations of network and disk activity. It allows filtering and searching for processes and can be run from a USB drive.
Winsage
April 30, 2025
Security researcher Nafiez has discovered a vulnerability in Windows LNK files that allows remote code execution without user interaction. Microsoft has chosen not to address this issue, stating it does not meet their security servicing criteria. The vulnerability exploits specific components of LNK files, enabling attackers to create malicious shortcuts that initiate silent network connections when a user accesses a folder containing them. The exploit involves manipulating the HasArguments flag, EnvironmentVariableDataBlock, and embedding UNC paths. Microsoft defends its inaction by citing the Mark of the Web (MOTW) feature as adequate protection, despite concerns from security experts about its effectiveness. Previous vulnerabilities in LNK files have been addressed by Microsoft, and the availability of proof-of-concept code raises fears of potential exploitation by malicious actors.