services Archives

AppWizard

May 6, 2026

Android Apps Get Public Verification System to Stop Supply Chain Attacks

Google has launched an enhanced Binary Transparency initiative for Android to strengthen the ecosystem against supply chain attacks. This initiative builds on the Pixel Binary Transparency framework introduced in October 2021, which ensures Pixel devices operate on verified OS software through a public cryptographic log of factory images. The new initiative aims to address the increasing sophistication of binary supply chain attacks, emphasizing that a binary's digital signature alone is insufficient for guaranteeing its authenticity. Starting May 1, 2026, all production Android applications released by Google will include a cryptographic entry confirming their authenticity. This initiative covers various Google applications and provides a transparent 'Source of Truth' for users to verify the software on their devices. Google is also offering verification tools for users and researchers to confirm the transparency state of supported software types, enhancing user privacy and security.

Tech Optimizer

May 6, 2026

How Aurora Blue-Green Upgrades Cut Our Postgres Downtime by 50X

Paxos has implemented Blue-Green upgrades to improve database maintenance for asset trading, achieving a 50-fold reduction in downtime from 30-120 minutes to approximately one minute. This upgrade strategy allows for real-time synchronization between a blue cluster handling production traffic and a new green cluster with the updated version. Challenges included issues with CREATE ROLE statements disrupting upgrades due to temporary roles and the necessity to drop replication slots before PostgreSQL 17, which could lead to data loss. Additionally, upon the green cluster becoming primary, it acquires a new cluster ID, requiring updates for clients using RDS IAM authentication. The transition to PostgreSQL 17 is anticipated to resolve the need to drop logical replication slots, preserving Change Data Capture (CDC) continuity.

AppWizard

May 6, 2026

Google expands Android Binary Transparency to counter supply chain attacks

Supply chain attacks targeting mobile software have increased due to the reliance on smartphones for essential functions. In response, Google has launched an enhanced Binary Transparency program for Android, which includes a public ledger that records cryptographic entries for production applications. This program initially covers two software layers: Google Applications and Mainline Modules. For Pixel device owners, it complements the Pixel System Image Transparency feature introduced in 2023, allowing users to verify the authenticity of system images and Google applications. The program aims to address the gap in software trust by distinguishing between digital signatures, which confirm the identity of the binary's creator, and binary transparency, which indicates the intent for public release. If a Google-signed application released after May 1, 2026, is not listed in the ledger, it means Google did not authorize it as production software. Verification tools are available on GitHub for assessing software against the ledger. Google employs "defense-in-depth" protocols to mitigate insider risks, ensuring that no single individual can publish a binary without triggering cryptographic verification. The ledger acts as a public record to deter unauthorized modifications. Google is also working to extend Binary Transparency to third-party developers to enhance the security of the global software supply chain.

BetaBeacon

May 6, 2026

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia. - BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes. - The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months. - The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China. - The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.

Winsage

May 5, 2026

Microsoft to retire Edge sidebar apps as part of Windows 11 simplification

Microsoft is retiring the sidebar app list feature from its Edge browser, starting with users signed in with a Microsoft account. The ability to add new apps to the sidebar has already been disabled, and existing pinned apps will be removed in a future update. Users will receive notifications prior to the full removal of the feature. Microsoft has not provided a direct replacement for the sidebar app list, and while features like Split Screen remain available, they do not replicate the sidebar's quick-access functionality. Microsoft plans to continue developing its Copilot integration within Edge, despite mixed user responses to the removal of the sidebar app list.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.

Tech Optimizer

May 5, 2026

Intego ONE

Intego has released Intego ONE, a rebranded antivirus solution for Mac users that combines antivirus capabilities with a firewall. The product has received a 97.1% malware detection score in independent lab tests, although it lacks phishing protection, a feature offered by competitors like Norton and Bitdefender. Intego ONE has a tiered pricing structure, with the Essential tier costing .99 annually and providing antivirus and firewall protection, while the Advanced tier, which includes the SmartClean system cleanup tool, costs .99. The top-tier Complete subscription, which includes a VPN, is priced at .99 annually. Intego offers a 7-day free trial for potential customers. The software installation is straightforward, requiring Full Disk Access for optimal functionality. Intego's firewall is integrated into the main application for easier user interaction. The SmartClean feature aims to optimize system performance but may not justify its additional cost for all users. The VPN included in the Complete tier is user-friendly but may be priced higher than standalone options.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

AppWizard

May 5, 2026

Meta enhances security of WhatsApp and Messenger encrypted backups

Meta has enhanced the security and transparency of its end-to-end encrypted backup system for WhatsApp and Messenger. The improvements focus on refining the distribution and verification of encryption keys, and allow for independent audits of certain infrastructure components. The updates are based on Meta's Hardware Security Module (HSM)-based Backup Key Vault architecture, which securely stores recovery secrets in tamper-resistant hardware, ensuring that neither Meta nor cloud service providers can access users' message archives. For encrypted backups, users' devices generate a 256-bit encryption key locally, which encrypts all backup data before uploading it to cloud storage. The key remains on the device in an encrypted format, with the user's password not visible to Meta or third parties. An encrypted version of the backup key is stored in the HSM-based vault using the OPAQUE password-authenticated key exchange protocol, enhancing recovery security without revealing the password. The recent updates include an over-the-air (OTA) fleet key distribution mechanism, which avoids hardcoding trusted infrastructure keys into Messenger applications. Clients receive a “validation bundle” containing the HSM fleet's public keys during runtime, with signatures verified against Cloudflare’s Key Transparency system. The vault operates across at least seven data centers using majority-consensus replication to ensure availability and integrity. Meta plans to publish cryptographic proof of each new HSM fleet deployment, allowing advanced users and researchers to verify these deployments through the open-source “mbt” (Meta Binary Transparency) CLI tool, which conducts multiple checks to confirm that fleet keys are untampered.

Tech Optimizer

May 4, 2026

2026 Security Checkup: Bad Medicine ⭐️

Neil J. Rubenking's article argues against relying solely on Microsoft Defender for antivirus protection, claiming it is inadequate for users managing multiple devices. However, the author contends that Windows Defender provides essential protection with minimal fuss and operates effectively in the background. The article suggests that third-party antivirus solutions are necessary for cross-device management, but the author believes that many devices are inherently secure and that users prefer a straightforward approach to security. The article also states that Defender's phishing protection is limited to Microsoft Edge, while the author points out that most modern browsers have similar protections. Additionally, the critique of Defender for lacking extra features found in third-party applications is countered by the author, who argues that many of those features are unnecessary or redundant. The article mentions the rise of AI-driven scams and suggests that third-party antivirus companies have adapted with specialized tools, but the author believes existing email provider filters are often sufficient. Lastly, while the article critiques Defender's user interface for being less visually appealing, the author emphasizes the importance of functionality over aesthetics. Overall, the author advocates for a streamlined approach to cybersecurity that leverages built-in protections and sound practices.