security protocols Archives

Winsage

April 27, 2025

Windows 10 support ends soon, but shockingly, 35% of SMBs are either clueless or refusing to upgrade their systems

A recent survey by Canalys revealed that over a third (35%) of channel partners reported their small and medium-sized business (SMB) clients are either unaware of the upcoming end-of-service (EoS) deadline for Windows 10 or lack a plan to transition away from it. Additionally, 14% of respondents admitted they do not know that support for Windows 10 is ending on October 14, 2025. The market for business PCs is growing, with a 9.4% year-on-year increase in shipments, reaching 62.7 million units in Q1 2025. Experts warn that the lack of upgrade plans could lead to significant financial repercussions for SMBs, especially with rising tariffs and potential supply constraints. A structured approach for transitioning to Windows 11 is recommended, including assessing current hardware, evaluating application compatibility, developing a timeline for upgrades, budgeting for investments, training staff, and implementing endpoint security strategies.

AppWizard

April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.

AppWizard

April 19, 2025

Urgent Android Warning: Major Security Flaw Allows Hackers Full Access—Here Are the Apps You Must Delete Now

A vulnerability known as “Dirty Stream” was discovered by Microsoft, allowing malicious applications to hijack trusted apps on high-end Android devices. Although the flaw has been patched, any data accessed before the patch remains vulnerable. The vulnerability exploited the ContentProvider system in Android, enabling harmful apps to send deceptive files that could overwrite critical data in secure storage. Microsoft noted that this could lead to arbitrary code execution, giving attackers full control over applications and access to sensitive user data. Several popular Android apps were found to be vulnerable, with over four billion installations affected. It is crucial to promptly install security updates and maintain app vigilance to protect personal data.

AppWizard

April 16, 2025

How to remove a work profile from an Android device

A work profile on Android devices helps users separate personal and professional data, allowing IT administrators to manage corporate data remotely without affecting personal information. When an Android device is enrolled in an organization's Mobile Device Management (MDM) platform, a work profile is created, enabling IT to control data usage, notifications, applications, and security. Upon an employee's departure, the work profile is typically removed to protect corporate data, while personal data remains intact. Users can remove the work profile through the device's Settings or the MDM application. IT administrators can also delete a work profile via the MDM system to safeguard corporate information without wiping the entire device. Troubleshooting steps are available if difficulties arise during the removal process.

Winsage

April 12, 2025

Microsoft is finally ready to ship Windows Recall after almost year long delay

Microsoft's Recall app is set for release within the Windows 11 Release Preview channel, with a potential rollout beginning as early as May. The feature captures and stores snapshots of user activities to enhance productivity. Although initially planned for a June 2024 launch with Snapdragon Copilot+ PCs, the timeline has shifted, and all Copilot+ PCs are now expected to receive Windows Recall in early 2025. At launch, the app may still carry a "preview" label, and it includes enhanced security measures such as robust encryption and mandatory Microsoft Account and Windows Hello Bio-authentication for setup. Recall is optional, allowing users to disable or uninstall it if desired. Additionally, Microsoft may introduce two new smaller Surface PCs with Copilot+ capabilities next month.

Winsage

April 8, 2025

Report: EncryptHub moonlighting in vulnerability research

A new threat actor named EncryptHub, or SkorikARI, has been recognized by Microsoft for identifying two significant security vulnerabilities in Windows: a high-severity bypass of the Windows Mark of the Web security feature (CVE-2025-24061) and a medium-severity spoofing issue in Windows File Explorer (CVE-2025-24071). EncryptHub, based in Romania and of Ukrainian origin, has a background in vishing and ransomware attacks and shifted to vulnerability research due to financial difficulties and the threat of imprisonment. The KrakenLabs report notes EncryptHub's skill in identifying vulnerabilities but warns that his creations are not foolproof, and users following basic security protocols are likely to remain safe.

AppWizard

April 3, 2025

Android 15 blocked Phone Link from mirroring sensitive notifications, but Microsoft has a fix

Microsoft's Phone Link app can now mirror sensitive notifications from Android devices to Windows PCs after the Android 15 update had initially restricted this capability. The Android 15 update classified two-factor authentication codes as sensitive, blocking their visibility to most notification listeners, including Phone Link. To access sensitive notifications, Phone Link must be preinstalled on the device and granted the RECEIVESENSITIVENOTIFICATIONS permission. Users with devices that have Link to Windows preinstalled, like the Xiaomi 15 Ultra and Samsung Galaxy S25 Ultra, can grant permission to restore full functionality. For devices without the preinstalled app, workarounds include disabling Android System Intelligence notification processing or manually granting permissions.

AppWizard

March 31, 2025

Avoid Downloading Apps From Untrusted Sources, Google Warns Android Users

Google warns Android users about the risks of downloading apps from sources outside the Google Play Store, noting that such apps are 50 times more likely to contain malware. In 2023, Google removed around 2.3 million suspicious apps from the Play Store and banned over 300 apps that circumvented Android's security measures, which had over 60 million downloads and were involved in deceptive advertising and phishing schemes. Google is enhancing its Play Protect Live Threat Detection system to combat fake and dangerous apps. Recommendations for protecting phones include downloading apps only from the Google Play Store, checking reviews and ratings, installing security updates, and avoiding unknown links.

AppWizard

March 29, 2025

Signal controversy: Why the secure messaging app is all over the news

Signal is an end-to-end encrypted messaging application that distinguishes itself from competitors like Messenger and WhatsApp through its open-source technology and the use of the Signal protocol for encryption. It encrypts messages before they leave the sender's device, ensuring that only the intended recipient can read them. However, its security is tied to the user's device, and vulnerabilities such as weak passwords and unprotected devices can compromise message integrity. Despite its strong encryption, Signal may not meet the stringent security protocols required for sensitive government communications, particularly due to its message deletion feature and the lack of support for record-keeping. The app is considered secure for everyday users, but may not be suitable for high-stakes governmental communication. The rise in cyber threats underscores the need for secure communication channels, leading organizations to consider encrypted messaging solutions like Signal, while also evaluating alternatives within the encrypted messaging landscape.

AppWizard

March 28, 2025

Ahead of Signal leak, Pentagon warned of app’s weaknesses

The Pentagon has issued a warning about the security of the messaging application Signal, advising against its use for any communications, including unclassified ones, due to concerns over hacking vulnerabilities following a significant leak. This advisory reflects an increased awareness of cybersecurity threats and the need for robust security measures in communications, prompting individuals and organizations to reconsider their reliance on Signal and explore alternatives.