security alert

Winsage
April 13, 2025
Microsoft addressed over 120 vulnerabilities during its April 2025 Patch Tuesday, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. WinRAR users are urged to update to version 7.11 due to a vulnerability (CVE-2025-31334) that allows attackers to bypass Windows' Mark of the Web security feature. Chief Information Security Officers (CISOs) are experiencing security platform fatigue due to the proliferation of multiple security tools. President Donald Trump signed an Executive Order revoking security clearances for Chris Krebs and his colleagues at SentinelOne. Cyber crisis simulations are becoming essential for organizational preparedness against evolving cyber threats. Fortinet has released patches for vulnerabilities, including a critical flaw (CVE-2024-48887) in FortiSwitch appliances. WhatsApp users should update their Windows client app to fix a vulnerability (CVE-2025-30401) that could allow harmful code execution. Kevin Serafin, CISO at Ecolab, discussed aligning security initiatives with business objectives. There is a rise in compromised large language model (LLM) attacks and risks associated with AI autonomy. New open-source tools like the YES3 Scanner and APTRS have been developed to enhance security capabilities. The cybersecurity job market remains strong, with increasing demand for skilled professionals.
Winsage
December 28, 2024
Windows 11, version 24H2 has a security issue affecting updates released between October 8 and November 12, which may prevent further security updates and leave devices vulnerable. The latest version released on December 10 allows users to create installation discs or USB keys to ensure ongoing security updates. Alternatively, users can update directly through Windows Update or the Microsoft Update Catalog for better security and performance. If currently using Windows 11 installed via disc or USB with the October or November updates, upgrading to version 24H2 is recommended. Windows 10 Home and Pro will reach end of life on October 14, 2025, after which Microsoft will stop providing updates. Users are advised to upgrade to Windows 11 before this deadline.
AppWizard
December 23, 2024
McAfee's security team discovered a malicious app named "BMI CalculationVsn" in Amazon's Android Appstore, which pretended to be a health tracker but was capable of screen recording, password theft, and accessing private SMS messages. Following the report, Amazon removed the app from its platform, and users who downloaded it are advised to uninstall it immediately. McAfee recommends that Android users install reliable antivirus software, scrutinize permission requests before downloading apps, and monitor app behavior for unusual activity to enhance their security.
Winsage
December 15, 2024
Cloak ransomware, emerging in 2022, has quickly become a significant threat in the cyber landscape, with a new variant raising concerns due to its advanced capabilities. The group uses initial access brokers and social engineering techniques, including phishing and malicious advertising, to gain network access. The ransomware employs a drive-by download method, disguising itself as legitimate system updates. Cloak may have connections to the Good Day ransomware group and utilizes a variant derived from leaked Babuk ransomware source code. Once delivered, it employs sophisticated mechanisms for extraction and privilege escalation, terminating security processes and modifying system settings to hinder recovery. The encryption process uses Curve25519 and SHA512 algorithms, and it exhibits advanced evasion techniques. Cloak ensures payload persistence by altering Windows registry entries and restricting user actions, disrupting essential system utilities and leading to operational downtime. Its extortion tactics include disguising ransom notes as desktop wallpapers and employing intermittent encryption to maximize damage. The ransomware deletes shadow copies and backups, complicating recovery efforts. Cloak also utilizes a data leak site to publish or sell stolen data if ransom demands are not met, claiming a ransom payment success rate of 91% to 96%. Windows users are advised to implement comprehensive security measures to reduce the risk of attacks.
AppWizard
November 26, 2024
A recent investigation by McAfee has identified over a dozen deceptive applications on the Android Play Store that pose as legitimate loan providers. These apps, known as SpyLoan apps, are scams that exploit users by accessing sensitive personal data, potentially leading to extortion. They mimic reputable platforms and use marketing tactics to create a false sense of urgency. Privacy agreements associated with these apps can be invasive, allowing access to users' messages, contacts, and call history, and in some cases, the device's camera. Victims of these scams have faced severe consequences, including blackmail and threats. The fraudulent applications have a global reach, affecting countries such as Indonesia, Mexico, and Colombia. Google has removed several of these apps, while others have been modified to avoid detection. McAfee advises users to check developer details and read user reviews to avoid scams.
Winsage
September 28, 2024
The Indian government issued a security alert on September 26 regarding vulnerabilities in Google Chrome, as announced by the Indian Computer Emergency Response Team (CERT-In). Users on Windows, macOS, and Linux are at risk, particularly those using versions prior to 129.0.6668.70/.71 for Windows and Mac, and prior to 129.0.6668.70 for Linux. The vulnerabilities could allow remote attackers to execute arbitrary code and crash the application, stemming from issues such as Type Confusion in V8, Use after Free in Dawn, Integer Overflow in Skia, and inappropriate implementation in V8. Users are advised to update their browsers to the latest version to mitigate these risks.