We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

security protocols

Report: EncryptHub moonlighting in vulnerability research
Winsage
April 8, 2025

Report: EncryptHub moonlighting in vulnerability research

A new threat actor named EncryptHub, or SkorikARI, has been recognized by Microsoft for identifying two significant security vulnerabilities in Windows: a high-severity bypass of the Windows Mark of the Web security feature (CVE-2025-24061) and a medium-severity spoofing issue in Windows File Explorer (CVE-2025-24071). EncryptHub, based in Romania and of Ukrainian origin, has a background in vishing and ransomware attacks and shifted to vulnerability research due to financial difficulties and the threat of imprisonment. The KrakenLabs report notes EncryptHub's skill in identifying vulnerabilities but warns that his creations are not foolproof, and users following basic security protocols are likely to remain safe.
Android 15 blocked Phone Link from mirroring sensitive notifications, but Microsoft has a fix
AppWizard
April 3, 2025

Android 15 blocked Phone Link from mirroring sensitive notifications, but Microsoft has a fix

Microsoft's Phone Link app can now mirror sensitive notifications from Android devices to Windows PCs after the Android 15 update had initially restricted this capability. The Android 15 update classified two-factor authentication codes as sensitive, blocking their visibility to most notification listeners, including Phone Link. To access sensitive notifications, Phone Link must be preinstalled on the device and granted the RECEIVESENSITIVENOTIFICATIONS permission. Users with devices that have Link to Windows preinstalled, like the Xiaomi 15 Ultra and Samsung Galaxy S25 Ultra, can grant permission to restore full functionality. For devices without the preinstalled app, workarounds include disabling Android System Intelligence notification processing or manually granting permissions.
Avoid Downloading Apps From Untrusted Sources, Google Warns Android Users
AppWizard
March 31, 2025

Avoid Downloading Apps From Untrusted Sources, Google Warns Android Users

Google warns Android users about the risks of downloading apps from sources outside the Google Play Store, noting that such apps are 50 times more likely to contain malware. In 2023, Google removed around 2.3 million suspicious apps from the Play Store and banned over 300 apps that circumvented Android's security measures, which had over 60 million downloads and were involved in deceptive advertising and phishing schemes. Google is enhancing its Play Protect Live Threat Detection system to combat fake and dangerous apps. Recommendations for protecting phones include downloading apps only from the Google Play Store, checking reviews and ratings, installing security updates, and avoiding unknown links.
Signal controversy: Why the secure messaging app is all over the news
AppWizard
March 29, 2025

Signal controversy: Why the secure messaging app is all over the news

Signal is an end-to-end encrypted messaging application that distinguishes itself from competitors like Messenger and WhatsApp through its open-source technology and the use of the Signal protocol for encryption. It encrypts messages before they leave the sender's device, ensuring that only the intended recipient can read them. However, its security is tied to the user's device, and vulnerabilities such as weak passwords and unprotected devices can compromise message integrity. Despite its strong encryption, Signal may not meet the stringent security protocols required for sensitive government communications, particularly due to its message deletion feature and the lack of support for record-keeping. The app is considered secure for everyday users, but may not be suitable for high-stakes governmental communication. The rise in cyber threats underscores the need for secure communication channels, leading organizations to consider encrypted messaging solutions like Signal, while also evaluating alternatives within the encrypted messaging landscape.
Ahead of Signal leak, Pentagon warned of app's weaknesses
AppWizard
March 28, 2025

Ahead of Signal leak, Pentagon warned of app’s weaknesses

The Pentagon has issued a warning about the security of the messaging application Signal, advising against its use for any communications, including unclassified ones, due to concerns over hacking vulnerabilities following a significant leak. This advisory reflects an increased awareness of cybersecurity threats and the need for robust security measures in communications, prompting individuals and organizations to reconsider their reliance on Signal and explore alternatives.
Signal says it is 'gold standard' for encrypted messaging, despite claims of vulnerabilities
AppWizard
March 27, 2025

Signal says it is ‘gold standard’ for encrypted messaging, despite claims of vulnerabilities

Rep. Pat Harrigan of North Carolina raised concerns about a report that the Trump administration accidentally texted a journalist about military operations in Yemen, questioning the security protocols of the administration regarding the encrypted messaging app, Signal. Signal responded by asserting that its software is "the gold standard for private, secure communications" and clarified that a reported "vulnerability" was related to phishing scams and not flaws in their technology. The company has introduced new user flows and in-app warnings to protect against phishing attacks and emphasized its open-source nature for regular audits. President Trump acknowledged the mistake, stating that a staffer mistakenly added journalist Jeffrey Goldberg to a group chat discussing a military strike against the Houthis in Yemen, which included senior officials. The incident has led to criticism, particularly from Democrats calling for resignations and congressional testimony from those involved.
Trump administration used Signal app to discuss Houthi attack plans
AppWizard
March 26, 2025

Trump administration used Signal app to discuss Houthi attack plans

A journalist accessed classified U.S. military details regarding plans to engage with Houthi forces due to a security lapse in the Signal messaging application. The breach occurred when a user mistakenly shared confidential military documents through the app, emphasizing the risks of human error in secure communications. Signal is an encrypted messaging platform known for its user privacy and security, utilizing end-to-end encryption.
Malicious Android Apps Evade Detection: McAfee
AppWizard
March 26, 2025

Malicious Android Apps Evade Detection: McAfee

Cybercriminals are using Microsoft’s .NET MAUI framework to create advanced Android malware that bypasses security measures and compromises user data. A study by McAfee researchers highlights a rise in malicious apps developed with this tool since its introduction in May 2022. These apps often impersonate legitimate applications, particularly from financial institutions, and are distributed through third-party websites or alternative app stores. One example is a counterfeit app mimicking the official IndusInd Bank app, targeting users in India to extract sensitive information. Another variant targets Chinese-speaking users by disguising itself as a social networking service. The malicious apps are designed to be subtle, with harmful code concealed as blob files within the assemblies directory, making detection difficult for antivirus solutions. Hackers use multi-stage dynamic loading, where the Android executable file is loaded in three stages, each encrypted until execution. They also manipulate the AndroidManifest.xml file by adding excessive permissions, complicating analysis and detection. Additionally, attackers replace standard HTTP requests with encrypted TCP socket connections to evade security software. These evolving tactics indicate a potential increase in similar mobile malware threats in the future.
Windows Passwords At Risk As New 0-Day Confirmed—Act Now
Winsage
March 26, 2025

Windows Passwords At Risk As New 0-Day Confirmed—Act Now

Windows users are facing multiple zero-day vulnerabilities affecting various operating system versions, including Windows 7, Server 2008 R2, and Windows 11 v24H2, with no official patch available from Microsoft. A new vulnerability allows attackers to obtain NTLM credentials by having a user view a malicious file in Windows Explorer. This vulnerability is distinct from a previously reported incident and remains undisclosed until Microsoft issues a patch. NTLM vulnerabilities can enable credential theft, and while not classified as critical, they have been exploited in real-world attacks. Users may need to wait for the next Patch Tuesday for an official fix, but can utilize a micro-patch solution from ACROS Security's 0patch to address the vulnerability temporarily.
Search