sensitive data Archives

AppWizard

August 26, 2025

Delete these two Android apps now: Experts warn they’re secretly stealing your personal data

Online security is a significant challenge due to the vulnerability of smartphones, which are targets for cybercriminals. Two Android applications, Wuta Camera and Max Browser, have been identified as threats associated with the Necro Trojan, a spyware that steals personal information and injects advertisements. Wuta Camera version 6.3.7.138 and later is free from malware, while users of Max Browser are advised to uninstall it immediately. The Necro Trojan, first identified in 2019, uses steganography to conceal malicious code, allowing it to evade security checks. Unofficial app versions from unauthorized sites also pose risks. To protect against these threats, users should keep apps updated, use trusted antivirus software, download from official app stores, remain vigilant, and be selective with app installations.

Tech Optimizer

August 25, 2025

Norton VPN features explained: AI-powered protection, Dark web monitoring, IP Rotation and more

Norton VPN offers a variety of features including: - Integration of artificial intelligence for real-time detection of scams and threats such as phishing, malware, and ransomware. - Cloud storage options ranging from 10GB with the Plus plan to 50GB with the Ultimate plan, providing secure online storage for sensitive data. - Dark web monitoring that scans for users' personal information and alerts them if it surfaces. - A Kill Switch feature that halts internet traffic if the VPN connection drops, protecting users' real IP addresses and unencrypted data. - IP masking that conceals users' real IP addresses and encrypts data before it reaches its destination. - IP rotation that changes the assigned IP address every 30 seconds to complicate tracking attempts. - A Double VPN option that routes data through two servers for enhanced privacy. - A no-log policy ensuring that users' IP addresses, browsing histories, and DNS queries are not logged, with independent audits for validation. - A Norton Password Manager included in select plans for creating and storing complex passwords and securely managing online transactions. - Parental controls and location supervision available with the Ultimate plan, allowing parents to monitor web access and track children's locations.

AppWizard

August 25, 2025

Malicious Android apps with 19M installs removed from Google Play

Zscaler's ThreatLabs team discovered 77 malicious Android applications on Google Play that collectively garnered over 19 million downloads. The Anatsa (Tea Bot) banking trojan was identified as the main threat, evolving to target 831 banking and cryptocurrency apps. More than 66% of the malicious apps contained adware, while nearly 25% were infected with Joker malware, which can perform intrusive actions like sending texts and accessing sensitive information. A variant of Joker, named Harly, disguises itself within legitimate applications. Anatsa employs various evasion tactics, including using a decoy app to download its payload post-installation and altering package names to complicate detection. Following the findings, Google removed the identified malicious apps from the Play Store, and users are advised to ensure their Play Protect service is active and to take precautions if infected.

Tech Optimizer

August 25, 2025

New Android Spyware Masquerading as Antivirus Targets Business Executives

Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware named Android.Backdoor.916.origin, which has been evolving since January 2025. This spyware primarily targets Russian businesses through focused attacks, disseminated via private messages as a fake antivirus application called “GuardCB.” The app's icon resembles the Central Bank of the Russian Federation's emblem and is presented in Russian. Variants of the malware include names like “SECURITY_FSB” and “FSB,” falsely claiming to be security tools linked to Russian law enforcement. Upon execution, the malware simulates an antivirus scan, requesting extensive system permissions for surveillance and data exfiltration, including access to geolocation, audio recording, SMS, contacts, call logs, media files, and camera functions. It establishes connections to command-and-control servers, allowing attackers to send and receive sensitive data, initiate audio and video feeds, and execute commands. The malware employs keylogger functionality to intercept keystrokes and monitor specific applications for content theft. Doctor Web has notified domain registrars to disrupt the malware's infrastructure and confirms that all known variants are detected and neutralized by their antivirus solutions. Organizations are advised to enforce strict APK sideloading policies and verify app authenticity to counter such threats.

Winsage

August 23, 2025

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

A new method allows attackers to extract Windows secrets and credentials without being detected by most Endpoint Detection and Response (EDR) solutions. This technique enables individuals with access to a Windows machine to gather credentials for lateral movement within a network. The Local Security Authority (LSA) manages sensitive information through two in-memory databases: the SAM database, which stores user credentials, and the Security database, which holds LSA secrets. Access to these databases requires interaction with the SAM and SECURITY registry hives, protected by Discretionary Access Control Lists (DACLs) that limit access to SYSTEM privileges. Attackers typically face detection when accessing the lsass.exe process memory, as EDR solutions monitor high-risk activities. Researcher Sud0Ru has introduced a method that bypasses these defenses by using the undocumented API NtOpenKeyEx with the REGOPTIONBACKUPRESTORE flag, allowing attackers to read the SAM and SECURITY hives without SYSTEM-level privileges. To avoid detection, attackers use the RegQueryMultipleValuesW API, which is less monitored by EDRs, to extract encrypted secrets from the hives. This approach allows the operation to occur entirely in memory, leaving no on-disk artifacts and evading typical security alerts.

AppWizard

August 22, 2025

7 Open Source Android Apps Every User NEEDS

Open source Android applications prioritize transparency, privacy, and functionality, distinguishing themselves from mainstream apps by offering user control, lightweight performance, and an ad-free experience. Seven essential open source apps are highlighted: 1. Permission Summary: Provides a categorized overview of app permissions, focusing on third-party applications, and operates offline to enhance privacy. 2. Lock Lock: An app locker with anti-uninstall and brute force protection, functioning offline to secure sensitive data. 3. AppLock: Combines biometric authentication and PIN protection with real-time background protection for locked apps. 4. Orientation Lock: Allows users to lock their screen orientation to a preferred mode, featuring a minimalist design and ad-free interface. 5. Yet Another Habit Tracker: Aids users in building habits with features like heat maps and customizable colors to maintain motivation. 6. Create: An offline music player that supports playlist management and customizable themes, focusing on user privacy. 7. Record Equalizer: Offers real-time audio processing tools for recording and sound manipulation, suitable for both casual users and professionals. These applications provide efficient alternatives to traditional apps while enhancing user privacy and control.

Tech Optimizer

August 21, 2025

New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware

Cisco Talos researchers have identified a new malware framework called PS1Bot, active since early 2025, which spreads primarily through malvertising. PS1Bot is crafted using PowerShell and can steal sensitive information, log keystrokes, take screenshots, and gain unauthorized control over systems. It is capable of extracting passwords, browser cookies, and cryptocurrency wallet seed phrases. The malware operates stealthily using in-memory execution to avoid detection by antivirus software and checks for antivirus presence before launching attacks. It spreads through malicious online advertising, where users may download a compressed file containing the malware. Cisco Talos has noted ongoing enhancements to PS1Bot, with similarities to other malware families suggesting a connection among cybercriminals.

Tech Optimizer

August 21, 2025

Inside Quick Heal’s Journey: Building India’s First Antivirus to a Global Brand

Quick Heal Technologies was founded by brothers Kailash and Sanjay Katkar in Pune, focusing on antivirus solutions to combat rising computer viruses. It became India's first homegrown antivirus and is now a globally recognized company. Despite India's digital economy expanding, only 7% of organizations are mature in cybersecurity readiness, facing challenges such as a skills deficit, fragmented security implementations, and a disconnect between executive priorities and security realities. India needs over 800,000 cybersecurity professionals, and educational institutions must integrate practical threat scenarios into their curricula. The "Make in India" movement is fostering indigenous cybersecurity solutions that address local threats while being globally relevant. Quick Heal utilizes AI to enhance threat detection and response, analyzing vast amounts of data while emphasizing the irreplaceable role of human expertise in strategic decision-making. Emerging threats include AI-powered social engineering, supply chain attacks, and cloud misconfigurations. Organizations should adopt Zero Trust architectures, invest in continuous security training, and utilize integrated threat intelligence. Quick Heal's leadership emphasizes solving real problems for customers and encourages young engineers to gain practical experience in cybersecurity. Recommended strategies for CISOs include aligning security investments with business priorities, embracing automation, and establishing integrated threat intelligence for effective risk management.

Tech Optimizer

August 20, 2025

I tested the best antivirus software for Windows: Here’s what I’d use to protect my PC

Windows Security is a free antivirus program pre-installed on every Windows PC, offering solid protection. Bitdefender provides a comprehensive antivirus solution with a yearly subscription. Malwarebytes is recommended as the top antivirus choice for Windows users, featuring a user-friendly interface and both free and paid versions. TotalAV is an affordable option with a built-in VPN and system tune-up tool. McAfee Total Protection offers extensive features, including identity theft coverage. Avast One is designed for gamers, providing a Do Not Disturb mode. uBlock Origin is an ad blocker that enhances browser security, while Brave is a secure web browser with built-in tracking and ad blocking features.

Tech Optimizer

August 18, 2025

Critical PostgreSQL Flaws Allow Code Injection During Restoration

The PostgreSQL Global Development Group released emergency security updates on August 14, 2025, to address three critical vulnerabilities affecting PostgreSQL versions 13 through 17. The vulnerabilities include: 1. CVE-2025-8714: Allows arbitrary OS code execution via pg_dump meta-commands, with a CVSS score of 8.8. 2. CVE-2025-8715: Facilitates code/SQL injection through improper newline handling in object names, also with a CVSS score of 8.8. 3. CVE-2025-8713: Exposes sensitive data via optimizer statistics, with a CVSS score of 3.1. Organizations are advised to upgrade to PostgreSQL versions 17.6, 16.10, 15.14, 14.19, or 13.22 immediately. Cloud providers have begun emergency fleet updates, and development teams should audit their CI/CD pipelines for pg_dump usage. The vulnerabilities were disclosed responsibly by several individuals, and PostgreSQL 13 will reach its end-of-life on November 13, 2025.