user security Archives

Winsage

May 1, 2025

Microsoft RDP apparently lets you log in with expired passwords – and it apparently doesn’t have plans to fix the issue

Security researcher Daniel Wade has revealed that Microsoft’s Remote Desktop Protocol (RDP) allows users to log into systems using previously revoked passwords, raising concerns about user security. Wade highlights that this feature undermines the trust users place in password management, as changing passwords is expected to prevent unauthorized access. This issue affects a wide range of users, from individuals to employees in small businesses and hybrid work environments. Despite the increasing sophistication of cyberattacks on password managers, Microsoft has stated it will not change this RDP functionality.

AppWizard

April 24, 2025

Google wants to make sure you never accidentally purchase an app again

Google is introducing a new swipe gesture for confirming app purchases on its Play Store, replacing the traditional tap-to-buy button. Users will need to hold and swipe to confirm their purchase, in addition to the usual verification measures. This feature is being rolled out in version 45.8.21-31 of the Play Store. Google has also removed 2.3 million potentially risky apps from its platform, but users are advised to remain vigilant and assess developer profiles and app reviews for reliability.

Winsage

April 20, 2025

587 Windows Vulnerabilities — A Microsoft Security Record Breaker

Microsoft has reported a record number of 1,360 security vulnerabilities for its products in 2024, marking an 11% increase from 2023. This includes 587 vulnerabilities in Windows (33 classified as critical) and 684 in Windows Server (43 classified as critical). The increase in reported vulnerabilities suggests that security researchers are effectively identifying weaknesses, and Microsoft has invested over a million dollars in bounties to encourage this. The proactive communication and remediation process during Patch Tuesday enhances security, indicating that Microsoft is committed to addressing vulnerabilities rather than being indifferent to user security.

TrendTechie

April 14, 2025

Релиз qBittorrent 5.0.5

On April 13, 2025, qBittorrent version 5.0.5 was released. The software is an open-source torrent client developed using the Qt toolkit, with its source code available on GitHub under the GPLv2+ license. It supports Linux, Windows, and macOS. The project began with version 4.0 in November 2017 and version 5.0 was released in September 2024. Key features include an integrated search engine, RSS feed subscription, support for BEP extensions, remote management, sequential downloading, advanced settings, bandwidth scheduling, IP filtering, torrent creation interface, and UPnP/NAT-PMP support. Version 5.0.5 includes bug fixes, extended configuration options, improved command-line parameter serialization, removal of missing color identifiers, and updated localization. Prior to this, version 5.0.1 was released in late October 2024, which fixed a long-standing SSL/TLS certificate validation bug, enhancing user security against man-in-the-middle attacks.

Winsage

April 11, 2025

Microsoft is about to launch Recall for real this time

Microsoft is rolling out its Recall feature for Copilot Plus PCs, which allows users to capture and revisit screenshots of their activities. The feature was delayed from its initial June launch due to security concerns and was aimed for an October release but was postponed again for user security. In November, a preview was made available to Windows Insiders for Qualcomm-powered Copilot Plus PCs, followed by versions for Intel and AMD models. Users must opt in to use the Recall feature and can pause it at any time for data privacy control.

AppWizard

March 27, 2025

Signal says it is ‘gold standard’ for encrypted messaging, despite claims of vulnerabilities

Rep. Pat Harrigan of North Carolina raised concerns about a report that the Trump administration accidentally texted a journalist about military operations in Yemen, questioning the security protocols of the administration regarding the encrypted messaging app, Signal. Signal responded by asserting that its software is "the gold standard for private, secure communications" and clarified that a reported "vulnerability" was related to phishing scams and not flaws in their technology. The company has introduced new user flows and in-app warnings to protect against phishing attacks and emphasized its open-source nature for regular audits. President Trump acknowledged the mistake, stating that a staffer mistakenly added journalist Jeffrey Goldberg to a group chat discussing a military strike against the Houthis in Yemen, which included senior officials. The incident has led to criticism, particularly from Democrats calling for resignations and congressional testimony from those involved.

AppWizard

March 24, 2025

Malicious Game Infects Steam Users With Info-Stealing Malware

Steam removed the game Sniper: Phantom's Resolution due to a security breach involving malware designed to extract sensitive user information. The malware was disguised as a legitimate Windows process and employed tactics like executing Node.js scripts and establishing startup persistence. A month earlier, another game, PirateFi, was found to be spreading the Vidar infostealer, affecting up to 1,500 users. Both incidents highlight the risks associated with malware hosted on trusted platforms like Steam, which may exploit vulnerabilities in submission processes. Users often identified suspicious behavior before the platforms did, indicating delayed detection and response times. The lack of timely communication regarding breaches further exacerbates user concerns.

Tech Optimizer

March 14, 2025

Best Antivirus for Mac for 2025

Bitdefender Ultimate Security for MacOS achieved a 100% detection rate for threats in AV-Test conducted in December 2024. It operates with minimal resource consumption, with slight slowdowns during software installations similar to other third-party antivirus tools. The software protects against malware, including ransomware and phishing attacks, and includes AI-powered anti-scam features. The Ultimate Security package offers tools beyond MacOS's built-in XProtect, including a VPN, adblocker with anti-tracking, and a password manager. It provides identity protection by monitoring data leaks and alerts users if their information appears on the Dark Web, covering up to five devices across MacOS, iOS, Windows, and Android. Higher-tier packages for US residents offer identity theft and financial fraud protection, with coverage up to million. The pricing starts at .99 for the first year, renewing at .99 annually, with mid-tier and highest-tier plans priced at .99 and .99 for the first year, respectively, offering additional identity theft coverage and credit monitoring services.

AppWizard

March 5, 2025

Google rolls out a quick March security patch to join its big Pixel update

In March 2025, Google began rolling out a security update for eligible Pixel devices, including the Pixel 6 series to Pixel 9, Pixel Fold, 9 Pro Fold, and Pixel Tablet. The update versions are BP1A.250305.019 for Pixel 6, 7, 8, and Fold, and BP1A.250305.020 for Pixel 9 series and Tablet. The update addresses various issues, enhancing display stability and performance, and includes fixes for camera and WebView stability. An audio issue with Bluetooth call volume is resolved, except for the Pixel 6 series. The changelog includes fixes for launcher theme misalignment, transparent home screen icons, app-switching issues with third-party launchers, and themed icon display problems. The update also introduces nine high-severity framework fixes and 21 system fixes for security, including two notable vulnerabilities. The rollout started on March 4, following a Pixel feature drop that added functionalities like Loss of Pulse detection and scam detection alerts.

AppWizard

March 5, 2025

Google rolls out new AI-powered scam detection feature in Messages app

Google Messages has introduced several new features for Android and Pixel users, focusing on user safety and connectivity. Key updates include an AI-driven scam detection tool that analyzes SMS, MMS, and RCS messages in real time to identify potential scams, alerting users to suspicious messages. This feature is initially available in English in the US, UK, and Canada, and it prioritizes user privacy by processing data on the device. Users can also share their live location with trusted contacts through a new feature integrated with the Find My Device app, which allows for real-time location sharing while maintaining control over who can access this information. Additionally, exclusive features for the Pixel 9 model include enhanced connectivity options for linking GoPro cameras and other Pixel phones, as well as upgrades to the Pixel Studio app for creating stylized images and stickers.