unauthorized access

AppWizard
April 3, 2025
Consumer-grade phone surveillance applications are becoming more sophisticated and difficult to remove. A recent investigation revealed an Android monitoring app that requires a password for uninstallation, trapping users who want to remove it. This spyware uses an Android feature to overlay content, displaying a password prompt when users attempt to uninstall it. The password is set by the person who installed the app, complicating removal. A workaround involves rebooting the device into "safe mode," which temporarily disables third-party apps, allowing users to uninstall the spyware without encountering the password prompt.

These spyware applications are often marketed as parental control or employee tracking tools but can be classified as "stalkerware," with some promoting surveillance of partners without consent, which is illegal. Spyware is typically downloaded from unofficial sources and installed by individuals with physical access to the target device. It may hide its icon and continuously upload sensitive data to a web dashboard accessible by the abuser. Identifying such spyware can be difficult, as it may appear as a benign app in Android settings.

To identify and remove Android password-enabled spyware, users should have a safety plan before proceeding. A general guide for spyware removal suggests checking for unfamiliar device admin apps, as these may indicate spyware presence. Users can enter safe mode by holding the power button, selecting "power off," and confirming the reboot into safe mode. In safe mode, users can check for and deactivate any suspicious device admin apps, then uninstall the spyware from the apps section in settings. After removal, users should secure their devices with a complex passcode and protect online accounts linked to the device. Staying vigilant about digital security is essential to reduce the risk of invasive technologies. Resources are available for those who suspect their phone has been compromised by spyware.
Tech Optimizer
April 2, 2025
Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the "COPY ... FROM PROGRAM" SQL command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.
Winsage
March 28, 2025
A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.
Winsage
March 26, 2025
Broadcom has addressed a critical authentication bypass vulnerability, CVE-2025-22230, affecting VMware Tools for Windows, rated with a CVSS score of 9.8. This vulnerability allows low-privileged local attackers to escalate their privileges within vulnerable VMs, potentially leading to unauthorized access. It affects VMware Tools versions 12.x.x and 11.x.x across Windows, Linux, and macOS platforms. VMware Tools version 12.5.1 has been released to fix this issue. Additionally, Broadcom issued updates for three zero-day vulnerabilities in VMware ESX products (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), which were confirmed to be actively exploited and represent a "VM Escape" scenario.
AppWizard
March 26, 2025
The National Security Agency (NSA) issued a warning on February 25 regarding vulnerabilities in the Signal app that could be exploited by foreign operatives, particularly Russian intelligence. This warning highlighted risks to the confidentiality of conversations and noted that individuals under surveillance should be cautious when using the app. The memo stated that while Department of Defense and NSA employees may use Signal, they are prohibited from discussing sensitive matters on it. Furthermore, the NSA cautioned against sharing compromising information over social media or internet-based applications, urging discretion in online interactions. The warning preceded a scandal involving Trump administration officials who leaked sensitive military information through the app, which included a U.S. journalist in the conversation, leading to potential legal repercussions for violating security guidelines.