sensitive data Archives

AppWizard

July 3, 2025

YONO SBI App Vulnerability Enables Man-in-the-Middle Attacks

A security vulnerability (CVE-2025-45080) has been identified in version 1.23.36 of the YONO SBI: Banking & Lifestyle mobile application, which allows unencrypted communications due to the android:usesCleartextTraffic="true" setting in its AndroidManifest.xml file. This misconfiguration exposes sensitive banking information to risks such as eavesdropping, tampering, and man-in-the-middle (MITM) attacks. Security experts recommend setting android:usesCleartextTraffic="false" and enforcing HTTPS for secure communications. Users are advised to avoid using the affected version until a security update is released. The vulnerability was disclosed by security researcher Ishwar Kumar.

AppWizard

July 3, 2025

Fake Apps, AI Scams Drive 151% Android Malware Spike, Smishing Grows 692%, Spyware Quadruples

Android malware has surged by 151% since the beginning of the year, with a notable 147% increase in spyware in 2025. Spyware activity peaked in February and March, reaching nearly four times the baseline. Smishing attacks via SMS increased by 692% between April and May. Banking trojans and spyware are increasingly hidden in seemingly legitimate applications, such as fake loan services. Over 30% of Android devices run outdated software lacking security patches, exposing users to vulnerabilities. Cybercriminals are developing interconnected operations that target sensitive user data. Google Play Protect is not fully effective, and users are advised to download apps only from official sources, review app permissions, deny unnecessary notification access, keep software updated, and use trusted mobile security apps.

Tech Optimizer

July 1, 2025

Percona Launches First-Ever Open Source Transparent Data Encryption for PostgreSQL

Percona has launched its Transparent Data Encryption (TDE) extension for Percona for PostgreSQL, enabling organizations to secure sensitive data at rest and comply with regulations without incurring licensing fees or vendor lock-in. The TDE extension provides automatic and transparent encryption of data, supports compliance with regulations like GDPR, HIPAA, SOX, and PCI DSS v4.0, and offers features such as open-source availability, stronger data protection, granular user-controlled encryption, seamless integration, centralized key management, minimal performance impact, and trusted support services. The pg_tde extension is now part of the Percona Distribution for PostgreSQL, enhancing security for customers needing encryption compliance.

AppWizard

June 29, 2025

Hackers Spying on Android Phones in Real Time, Targeting 500+ Bank, Crypto and Payment Apps To Steal Sensitive Data: Cybersecurity Firm

A new version of banking malware is targeting Android devices, allowing cybercriminals to capture login credentials and manipulate banking applications in real time. This malware uses an advanced virtualization technique to hijack legitimate banking apps by installing a malicious host application that creates a controlled sandbox environment for the targeted app. Users are redirected to this virtualized instance, where their actions are monitored and manipulated, enabling the interception of sensitive information. The malware targets nearly 500 financial applications globally, including major banks in North America, the UK, Canada, and Europe, as well as cryptocurrency wallets and digital payment platforms.

AppWizard

June 29, 2025

Russia Launches State-Run Messaging App

Russia has introduced a state-backed messaging application, announced by President Vladimir Putin, aimed at providing a homegrown alternative to platforms like WhatsApp and Telegram. The initiative addresses national security concerns and seeks to enhance control over the digital landscape. The app will facilitate messaging, bill payments, form completions, and access to official records, all on a single platform. It promises standard messaging features and enhanced security measures. However, there are concerns about privacy and potential government surveillance, which may affect user adoption. This initiative is part of Russia's broader strategy to foster a self-sufficient technology ecosystem.

AppWizard

June 27, 2025

Your Android phone is getting a big security upgrade for free

Google has introduced various security features for Android users to protect against scams and malware. Key enhancements include: 1. Protection against scam calls with warnings and blocking actions related to disabling Google Play Protect, sideloading apps, and granting accessibility permissions. Screen sharing reminders will be provided on devices running Android 6 or higher. 2. In-call protections for banking apps, alerting users to potential risks when sharing screens with unknown callers, available for participating banks on devices running Android 11 or higher. 3. Improved scam detection in Google Messages, targeting various types of scams, including job scams, cryptocurrency scams, and technical support scams. 4. The Key Verifier tool for verifying contact identities through public encryption keys, ensuring private conversations. 5. Enhanced mobile theft protection with the Identity Check tool expanding to more devices running Android 16, reinforced protections against unauthorized factory resets, and hidden one-time passwords on the lock screen. 6. An Advanced Protection Program for targeted attacks, cryptographically verifying login operations on devices running Android 16. 7. Improvements to Google Play Protect, utilizing new on-device rules for malware detection and providing warnings about potentially malicious apps. 8. Ongoing commitment to enhancing overall Android security with each new version and updates to Google Play services.

Winsage

June 26, 2025

The Great Migration Starts Here

Organizations must transition to Windows 11 Pro by October 14, 2025, as Windows 10 will no longer receive security updates, increasing vulnerability to cyber threats. The upgrade is complimentary for eligible Windows 10 devices, but compatible hardware is necessary to utilize enhanced security and performance features. Windows 11 Pro PCs include built-in security tools like Windows Hello, BitLocker encryption, and TPM 2.0. Windows AI PCs feature intelligent tools like Windows Copilot for improved efficiency, while Copilot+ PCs, launching in mid-2024, will have dedicated AI processors for advanced capabilities. Security features such as Secure Boot, Virtualization-Based Security, and BitLocker encryption are integral to Windows 11 Pro devices, mitigating risks of malware and unauthorized access. Upgrading to Windows 11 Pro enhances device stability and aligns with sustainability goals through energy-efficient designs.

Tech Optimizer

June 25, 2025

Meet the new features for Avast Free AV and Avast Premium Security

Avast has millions of active users and is recognized in the cybersecurity field for its effective solutions and commitment to user security. Avast Free Antivirus includes real-time behavioral analysis for proactive malware detection, enhanced Network Inspector and Firewall modules for network security, improved intelligent quarantine and cloud scanning, and the new Scam Guardian feature, which includes Web Guard for browsing protection and Avast Assistant for scam guidance. Avast Premium Security offers additional features for heightened privacy, including Sensitive Data Shield, Webcam Shield, Data Shredder, and Hack Alerts for monitoring password leaks. The Pro version introduces Email Guard, which uses AI for intelligent email filtering to detect phishing attempts. Avast's tools enhance online shopping safety, email security, public Wi-Fi connections, and protection of sensitive files and credentials.

AppWizard

June 24, 2025

WhatsApp ban: US congressional staffers must delete the messenger

The US House of Representatives has banned the use of WhatsApp on all work devices due to cybersecurity concerns, categorizing it as a "high risk" application. The ban is based on criticisms regarding a lack of transparency in user data protection, insufficient encryption of stored data, and potential security vulnerabilities. Employees are instructed to remove the app from their devices, and alternatives such as Microsoft Teams, Wickr, Signal, iMessage, and FaceTime are recommended. This decision aligns WhatsApp with other previously banned applications, and there is speculation that similar guidelines may be adopted by other government agencies.

AppWizard

June 23, 2025

Iran encourages citizens to use a messaging app previously flagged as a state surveillance tool

Iranian authorities are promoting the domestic messaging app Bale for communication with family abroad amid a near-total internet blackout since June 18, 2025. Bale has 16.5 million monthly active users as of May 2023, with increased adoption following restrictions on Western apps after 2022 protests. A security audit by the Open Technology Fund revealed critical vulnerabilities in Bale and two other Iranian messaging apps, Eitaa and Rubika, including the lack of end-to-end encryption (E2EE) and potential state surveillance through a state-owned service called the Message Exchange Bus (MXB). Bale's encryption could compromise sensitive data and shares location data during authentication. Experts recommend more secure alternatives like Signal and advise against using Bale for sensitive communications. Since the blackout, internet connectivity remains poor, with the government urging citizens to delete WhatsApp and imposing restrictions that have increased VPN usage by over 700%.