security protocols Archives

Winsage

May 14, 2025

Microsoft’s upcoming OneDrive update bypasses security protocols between business and personal files

Microsoft is integrating its products into the user experience, with OneDrive being a prominent example. The upcoming June update will introduce a feature called "Prompt to Add Personal Account to OneDrive Sync," which encourages users on business devices to sync files with personal accounts, potentially compromising security by exposing sensitive business data. Many users are unaware they are using OneDrive, leading to confusion and frustration, especially among older individuals. To address concerns about the update, users can consult their IT department to implement policies that disable the synchronization prompt or personal sync altogether.

Winsage

May 8, 2025

Ransomware hackers target a new Windows security flaw to hit businesses

Several ransomware groups, including RansomEXX and Play, are exploiting a zero-day vulnerability in the Windows Common Log File System to elevate system privileges and deploy malware. This flaw was identified and patched during Microsoft's Patch Tuesday update in April 2024.

AppWizard

May 7, 2025

Messaging app used by Mike Waltz suspends service after hacking

TeleMessage, a messaging application linked to former national security adviser Mike Waltz, has suspended its services following a reported hacking incident where sensitive files were accessed. The breach has raised serious concerns about the app's security protocols and could lead to a reevaluation of security measures across similar applications.

AppWizard

May 7, 2025

Another messaging app used by the White House is in hot water

Former National Security Adviser Mike Waltz has come under scrutiny for using TeleMessage, an app that has recently experienced a security breach resulting in the theft of sensitive data, including direct messages and group chats. High-ranking officials from the Trump administration, including Waltz, Vice President J.D. Vance, Secretary of State Marco Rubio, and Director of National Intelligence Tulsi Gabbard, were reported to have used the app. A photograph captured Waltz during a Cabinet meeting appearing to use TeleMessage to access Signal messages, raising concerns due to his previous controversy involving a chat room on Signal that included a journalist. The security vulnerabilities of TeleMessage have been criticized, particularly as it lacks the robust encryption features of Signal. The app was initially marketed as a solution for preserving messages for government record-keeping, but its reliability has been questioned.

AppWizard

May 6, 2025

TeleMessage suspends services after hackers claim breach

TeleMessage has temporarily suspended all services due to a reported security breach, with the parent company Smarsh investigating the incident. Customs and Border Protection (CBP) has discontinued using the app as a precaution. A hacker claimed to have accessed a centralized TeleMessage server and downloaded data, including a screenshot of the contact list for employees at Coinbase, which confirmed the authenticity of the screenshot but stated that customer data remained secure. Multiple U.S. government agencies have contracts with TeleMessage or related entities. Another hacker also claimed to have breached TeleMessage, providing evidence of their claims. The investigation into the breach is ongoing, and it is unclear if sensitive communications from U.S. officials were compromised.

Winsage

April 27, 2025

Windows 10 support ends soon, but shockingly, 35% of SMBs are either clueless or refusing to upgrade their systems

A recent survey by Canalys revealed that over a third (35%) of channel partners reported their small and medium-sized business (SMB) clients are either unaware of the upcoming end-of-service (EoS) deadline for Windows 10 or lack a plan to transition away from it. Additionally, 14% of respondents admitted they do not know that support for Windows 10 is ending on October 14, 2025. The market for business PCs is growing, with a 9.4% year-on-year increase in shipments, reaching 62.7 million units in Q1 2025. Experts warn that the lack of upgrade plans could lead to significant financial repercussions for SMBs, especially with rising tariffs and potential supply constraints. A structured approach for transitioning to Windows 11 is recommended, including assessing current hardware, evaluating application compatibility, developing a timeline for upgrades, budgeting for investments, training staff, and implementing endpoint security strategies.

AppWizard

April 25, 2025

12 Android apps secretly recorded your conversations

Recent findings from cybersecurity experts at ESET revealed that several Android applications, disguised as harmless tools, have been secretly recording conversations and stealing sensitive data. These malicious apps infiltrated devices through the Google Play Store and third-party platforms, compromising the privacy of thousands of users. One tactic used by cybercriminals involved romantic deception, where victims were coaxed into downloading a seemingly harmless messaging app containing the VajraSpy Trojan, which activated upon installation to record conversations and harvest personal data. The identified malicious apps fall into three categories: 1. Standard Messaging Apps with Hidden Trojans: These apps, including Hello Chat, MeetMe, and Chit Chat, request access to personal data and operate silently in the background, stealing contacts, SMS messages, call logs, device location, and installed app lists. 2. Apps Exploiting Accessibility Features: Apps like Wave Chat exploit Android’s accessibility features to intercept communications from secure platforms, record phone calls, keystrokes, and ambient sounds. 3. Single Non-Messaging App: Nidus, a news app, requests a phone number for sign-in and collects contacts and files, increasing the risk of data theft. The 12 malicious Android apps identified include: Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The first six apps were available on the Google Play Store and had over 1,400 downloads before removal. Users are advised to uninstall these apps immediately to protect their personal data.

AppWizard

April 19, 2025

Urgent Android Warning: Major Security Flaw Allows Hackers Full Access—Here Are the Apps You Must Delete Now

A vulnerability known as “Dirty Stream” was discovered by Microsoft, allowing malicious applications to hijack trusted apps on high-end Android devices. Although the flaw has been patched, any data accessed before the patch remains vulnerable. The vulnerability exploited the ContentProvider system in Android, enabling harmful apps to send deceptive files that could overwrite critical data in secure storage. Microsoft noted that this could lead to arbitrary code execution, giving attackers full control over applications and access to sensitive user data. Several popular Android apps were found to be vulnerable, with over four billion installations affected. It is crucial to promptly install security updates and maintain app vigilance to protect personal data.

AppWizard

April 16, 2025

How to remove a work profile from an Android device

A work profile on Android devices helps users separate personal and professional data, allowing IT administrators to manage corporate data remotely without affecting personal information. When an Android device is enrolled in an organization's Mobile Device Management (MDM) platform, a work profile is created, enabling IT to control data usage, notifications, applications, and security. Upon an employee's departure, the work profile is typically removed to protect corporate data, while personal data remains intact. Users can remove the work profile through the device's Settings or the MDM application. IT administrators can also delete a work profile via the MDM system to safeguard corporate information without wiping the entire device. Troubleshooting steps are available if difficulties arise during the removal process.

Winsage

April 12, 2025

Microsoft is finally ready to ship Windows Recall after almost year long delay

Microsoft's Recall app is set for release within the Windows 11 Release Preview channel, with a potential rollout beginning as early as May. The feature captures and stores snapshots of user activities to enhance productivity. Although initially planned for a June 2024 launch with Snapdragon Copilot+ PCs, the timeline has shifted, and all Copilot+ PCs are now expected to receive Windows Recall in early 2025. At launch, the app may still carry a "preview" label, and it includes enhanced security measures such as robust encryption and mandatory Microsoft Account and Windows Hello Bio-authentication for setup. Recall is optional, allowing users to disable or uninstall it if desired. Additionally, Microsoft may introduce two new smaller Surface PCs with Copilot+ capabilities next month.