vulnerabilities

Tech Optimizer
June 5, 2025
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include:
- SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E
- Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A
- PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7
- HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549
- Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6
Winsage
June 4, 2025
KDE has launched a campaign called "KDE for Windows 10 Exiles" in response to the end of support for Windows 10, which will occur on October 14. The campaign warns users that while Windows 10 will still function after this date, the lack of updates will lead to performance and security declines, increasing risks of hacking. Users face a choice between switching to the Long Term Servicing Channel, paying for extended security updates, or upgrading to Windows 11, which many are reluctant to do for various reasons, including corporate policies and hardware incompatibility. KDE advocates for transitioning to Linux, specifically its Plasma Desktop environment, emphasizing its user-friendliness and visual appeal. While installing Linux has become easier, KDE advises users to seek help from Linux enthusiasts for a smooth transition. Once installed, KDE claims users will experience fewer data collection issues and no viruses, although users must remain vigilant against Linux malware. It is important to note that while support for many versions of Windows 10 ends on October 14, Microsoft 365 applications on Windows 10 will continue to receive security updates until 2028.
Tech Optimizer
June 3, 2025
Antivirus software on Windows was once essential due to security vulnerabilities, but built-in protection in Windows 8 and later versions often suffices for everyday use. Modern third-party antivirus applications are designed to be efficient and have minimal impact on system performance. All operating systems, including macOS, Linux, iOS, and Android, are susceptible to malware, contrary to the belief that only Windows needs antivirus protection. Manual virus scans are no longer necessary as modern solutions provide real-time monitoring. Antivirus software should be part of a broader security strategy that includes regular updates and secure online practices. Relying solely on cautious behavior is insufficient, as threats can emerge from various sources. Using antivirus software is still recommended, and users can complement built-in security features with third-party solutions.
AppWizard
June 2, 2025
Smartphones are essential for accessing creative and entertainment applications like Minecraft and Spotify. The Minecraft APK allows users to play the game on unsupported devices, access updates without delays, and experiment with mods. The Spotify Premium APK enables ad-free streaming, offline downloads, and superior sound quality. Safe downloading involves choosing trusted sources, enabling "Unknown Sources" in device settings, installing cautiously while monitoring permissions, and keeping the device updated to prevent vulnerabilities.
AppWizard
June 2, 2025
On May 30, 2025, CERT Polska disclosed three security vulnerabilities affecting preinstalled Android applications on Ulefone and Krüger&Matz smartphones: CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917.
- CVE-2024-13915: The com.pri.factorytest application allows any app to invoke the FactoryResetService, enabling unauthorized factory resets due to improper export controls (CWE-926).
- CVE-2024-13916: The com.pri.applock application exposes a public method that allows malicious apps to steal the user’s PIN, representing an exposure of sensitive system information (CWE-497).
- CVE-2024-13917: The exported activity in com.pri.applock allows privilege escalation by enabling malicious apps to inject intents with system-level privileges if they have access to the compromised PIN (CWE-926).
Users of affected devices are advised to seek firmware updates or mitigations from their vendors.
AppWizard
June 2, 2025
Significant vulnerabilities have been identified in pre-installed applications on Ulefone and Krüger&Matz Android smartphones, disclosed on May 30, 2025. Three vulnerabilities affect these devices, including CVE-2024-13915, which targets the com.pri.factorytest application, allowing unauthorized factory resets. CVE-2024-13916 and CVE-2024-13917 affect the com.pri.applock application on Krüger&Matz smartphones, enabling malicious apps to extract user PIN codes and inject arbitrary intents. These vulnerabilities stem from improper export of Android application components, allowing malicious applications to bypass Android’s permission model. Users are advised to check for updates and consider disabling vulnerable applications.
Winsage
June 2, 2025
A recent advisory warns Windows users about vulnerabilities, emphasizing the need to upgrade from Windows 10 to Windows 11 due to the impending cessation of support for Windows 10 in October. Asus has highlighted that users of Windows 10 or older systems will soon lose regular updates and support. Currently, around 750 million users are on Windows 10, with 500 million potentially eligible for a free upgrade to Windows 11. Recent market data shows Windows 10's user share has increased from 41% in April to over 43% in May, while Windows 11 has declined by 3.5%. The urgency for upgrades is heightened as the deadline for Windows 10 support approaches, raising concerns about a potential cybersecurity crisis.
Winsage
June 1, 2025
Microsoft will conclude support for Windows 10 on October 14, 2025, ending free updates and security patches. Users are encouraged to upgrade to Windows 11 to avoid vulnerabilities, as Windows 10 will still function but without security updates. To check the current version of the operating system, users can right-click the Windows icon, select “System,” and view the information under “Windows Specifications/Edition.”