protecting Archives

Tech Optimizer

February 17, 2025

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

The US Treasury workstations were breached by suspected state-sponsored Chinese hackers using two zero-day vulnerabilities. The first vulnerability, CVE-2024-12356, is an unauthenticated command injection flaw in BeyondTrust's Remote Support SaaS, which requires prior exploitation of CVE-2025-1094. CVE-2025-1094 is related to the PostgreSQL interactive tool, psql, and allows SQL injection attacks due to improper handling of invalid byte sequences. This vulnerability can lead to arbitrary code execution through the execution of meta-commands. Fixes for CVE-2025-1094 were issued by the PostgreSQL team on February 13, 2025, and BeyondTrust released patches in December 2024 that also mitigate risks associated with this vulnerability. PostgreSQL users are advised to upgrade to specific fixed versions, and BeyondTrust users should implement the December 2024 fix. Rapid7 has provided technical details and indicators of compromise for the vulnerabilities.

Tech Optimizer

February 17, 2025

Mac users beware: AI-powered malware threats are on the rise

Apple devices, particularly Macs, are facing an increase in cyberattacks, with a new wave of sophisticated malware targeting sensitive data. The emergence of Atomic Stealer (AMOS) in mid-2023 marked a shift from less harmful adware to more serious threats, with AMOS being marketed as a user-friendly service. By mid-2024, Poseidon became the leading Mac information stealer, responsible for 70% of infections and capable of draining various cryptocurrency wallets and capturing sensitive credentials. Cybercriminals are also using malvertising to lure users into downloading disguised malware. Android users are experiencing an even more severe situation, with a significant rise in phishing attacks. In 2024, researchers identified 22,800 malicious apps designed for phishing, along with thousands capable of reading one-time passwords (OTPs). These apps often mimic legitimate software and can easily infiltrate app stores, including Google Play. While Google Play Protect offers some malware protection, it is not entirely effective. To protect against malware threats, it is recommended to use strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication (2FA) for critical accounts.

AppWizard

February 16, 2025

Federal workers say they increasingly distrust platforms like Facebook

Federal employees are increasingly concerned about the security of traditional communication platforms and are migrating to encrypted messaging apps like Signal for personal and work-related discussions. This shift is driven by distrust in technology companies, particularly those perceived to have ties with the Trump administration, and fears that user data may be shared with the government. Employees have noted a change in workplace conversation dynamics, becoming more guarded and circumspect. Concerns have also been raised about the potential misuse of personal data, highlighted by past incidents involving companies like Meta. Many federal workers are seeking security tips through forums and adopting measures such as anonymous display names to protect their identities. The federal workforce consists of over 3 million individuals, indicating a significant portion of the U.S. labor market is affected by these privacy and data security concerns.

Tech Optimizer

February 15, 2025

Simplify database authentication management with the Amazon Aurora PostgreSQL pg_ad_mapping extension

Authentication is essential for security in enterprise environments, protecting sensitive data and resources from unauthorized access. Kerberos authentication is utilized for Amazon Aurora PostgreSQL-Compatible Edition with AWS Directory Service for Microsoft Active Directory, particularly through the pg_ad_mapping extension, which enhances access control management. Aurora PostgreSQL supports multiple authentication methods, including password authentication, AWS Identity and Access Management (IAM) database authentication, and Kerberos authentication. By default, password authentication is enabled, while IAM and Kerberos can be used independently. Users are assigned specific roles based on the authentication method: rds_iam for IAM, rds_ad for Kerberos, and no specific roles for password authentication. Kerberos authentication integrates with Microsoft Active Directory, allowing centralized authentication and single sign-on (SSO) capabilities. With versions 14.10 and 15.5, Aurora PostgreSQL introduced the pg_ad_mapping extension, which allows administrators to manage access through Active Directory (AD) security groups instead of provisioning individual users. This extension checks AD group memberships upon user login and assigns corresponding database roles, prioritizing roles based on assigned weights. The pg_ad_mapping extension includes functions such as pgadmap_set_mapping to add mappings between AD security groups and database roles, pgadmap_read_mapping to list existing mappings, and pgadmap_reset_mapping to delete or reset mappings. To deploy the solution, a CloudFormation stack is used to create necessary resources, including an AWS Managed Microsoft AD server, an Aurora PostgreSQL database cluster, and a Windows EC2 instance. Users can be added to AD groups, and roles can be mapped to facilitate access management. Security best practices for Aurora PostgreSQL include using IAM policies for resource management, implementing security groups for database access control, utilizing encryption for data protection, and employing Transport Layer Security (TLS) for secure connections. For auditing, the pg_stat_gssapi view can be used to identify authenticated users, and enabling the log_connections parameter will log session establishments, including AD user identities.

AppWizard

February 14, 2025

Android 16 will fight scammers by blocking certain features during phone calls

Google is developing a new security feature for Android 16 that will block changes to sensitive settings during phone calls to protect users from phone scams. This feature will prevent users from enabling sideloading permissions and granting accessibility access while on a call. A warning message will be displayed if users attempt to make such changes, informing them that these actions are prohibited during calls. The sideloading permission is disabled by default, but users can enable it through settings, except for those with Advanced Protection Mode activated. These security features are expected to be included in the public release of Android 16 later this year.

Tech Optimizer

February 13, 2025

Gen Digital Planning to Sell $1.1 Billion of Senior Notes Due 2033

Gen Digital Inc. specializes in developing and marketing a comprehensive suite of cybersecurity software solutions, categorized into two primary families: Consumer Security and Antivirus Protection Solutions (64.5% of net sales) and Identity and Information Protection Solutions (35.5% of net sales). The company's net sales distribution is as follows: Americas (65.4%), Europe/Middle East/Africa (24.1%), and Asia/Pacific (10.5%).

Tech Optimizer

February 11, 2025

Essential tips to protect your computer from malware

Malware includes various types of malicious software such as viruses, worms, Trojans, ransomware, and spyware. Email attachments and links are common methods for malware distribution, with cybercriminals often disguising malicious files as legitimate communications. Regular software updates are essential for protecting against security vulnerabilities. Pirated software frequently contains malware and poses risks to computer security. Installing antivirus and antimalware software is crucial for defense against attacks, with recommendations for programs like Windows Defender and Malwarebytes. Encrypting sensitive data can prevent unauthorized access, and maintaining cloud backups is vital for data recovery in case of ransomware attacks. Using a Virtual Private Network (VPN) is recommended when accessing the internet on public networks to protect personal information. Users should monitor their devices for suspicious activity, such as system slowdowns or unexpected pop-ups, and conduct malware scans if symptoms arise.

AppWizard

February 10, 2025

TikTok Offers Workaround for Android Users To Download the App

TikTok has created Android download kits for TikTok and TikTok Lite to allow users to access the platform despite its absence from US app stores. Users can download the app by visiting TikTok.com/Download, enabling sideloading, which is the installation of apps from outside official app stores. Certain features, like Live streaming and TikTok Shop, are not available. TikTok has not returned to Google Play or the Apple App Store since its removal on January 19 and is implementing security measures for its Android Package Kits. Political concerns about TikTok's ties to China have led to discussions about a potential ban and interest from various figures in acquiring the platform.

TrendTechie

February 10, 2025

Meta скачала более 80 ТВ пиратских книг с торрентов для обучения моделей искусственного интеллекта | borg.expert – медиа-портал о долгах и банкротстве

Meta has acknowledged using torrents to download a dataset known as LibGen, which contains tens of millions of pirated books, for training its AI models. Recent reports indicate that Meta downloaded at least 81.7 terabytes of data from various shadow libraries, including a minimum of 35.7 terabytes from Z-Library and 80.6 terabytes from LibGen. The scale of Meta's illegal torrent activity has been described as staggering, with the writers highlighting that much smaller acts of data piracy led to a criminal investigation. A judge rejected Meta's attempt to prevent the disclosure of its use of pirated books, stating that the company's actions were aimed at avoiding negative publicity. Additionally, Meta had previously trained its language model, Llama, on fragments from a dataset called Books3, which includes around 196,000 books sourced from the internet, without publicly acknowledging the use of LibGen data until now.

Tech Optimizer

February 6, 2025

Norton VPN Plus is so much more than just a VPN, and it’s 54% off

The landscape of online security has changed significantly, requiring a multi-faceted approach to cybersecurity as of 2024. Antivirus software is still important but is now just one part of a broader security strategy. Incorporating a Virtual Private Network (VPN) is essential for robust protection against online threats. Norton VPN Plus is highlighted as a reputable VPN service, known for its trusted brand, user-friendly interface, comprehensive security features, and a global server network that allows users to access content while maintaining privacy. A VPN encrypts data between the user's device and the VPN server, enhancing privacy and security.