With each new version of the Android operating system, new features are added to protect users from malware. For example, Android 13 introduced Restricted Settings. In this post, we’ll discuss what this feature involves, what it’s designed to protect against, and how effectively it does its job (spoiler: not very well). What are Restricted Settings? How do Restricted Settings operate? Imagine you’re installing an application from a third-party source — that is, downloading an APK file from somewhere and initiating its installation. Let’s suppose this application requires access to certain func ..read more

Most smartphones have an average of around 80 installed apps, of which at least 30% are never used since most are forgotten about. But such “ballast” is harmful: there’s less free space on the device; potential bugs and compatibility issues multiply; and even unused apps at times distract you with pointless alerts. To make things worse, abandoned apps can continue collecting data about the phone and its owner and feed it to advertising firms, or simply gobble up mobile data. Hopefully, we’ve already convinced you to “debloat” your smartphone at least a couple of times a year and uninstall apps ..read more

WordPress is the world’s most popular content management system. As its developers like to point out, over 40% of all websites are built on WordPress. However, this popularity has its downside: such a huge number of potential targets inevitably attracts malicious actors. For this very reason, cybersecurity researchers carefully investigate WordPress and regularly report various problems with this CMS. As a result, it’s not uncommon to hear that WordPress is full of security issues. But all this attention has a positive side to it: most of the threats and the methods to combat them are well kno ..read more

The latest episode of the Transatlantic Cable podcast begins with news that General Electric are investigating claims of a data breach, where it was reported that an attacker was selling access to the business for just $500.  From there, the team discuss how U.S police forces are returning $9 million in seized crypto assets back to victims of ‘pig butchery’ scams. To wrap up the team discuss how to stay safe online with tools like Duck Duck Go and Brave and they also sit down with David Emm to discuss APT predictions for 2024. If you like what you heard, please consider subscribing. Gene ..read more

Researchers have discovered several vulnerabilities in the BitcoinJS library that could leave Bitcoin wallets created online a decade ago prone to hacking. The basic issue is that the private keys for these crypto wallets were generated with far greater predictability than the library developers expected. Randstorm vulnerabilities and consequences Let’s start at the beginning. Researchers at Unciphered, a company specializing in crypto wallet access recovery, discovered and described a number of vulnerabilities in the BitcoinJS JavaScript library used by many online cryptocurrency platforms. A ..read more

Devices on the border between the internet and an internal corporate network — especially those responsible for security and network traffic management — are often a priority target for attackers. They arouse no suspicion when sending large volumes of traffic outward, and at the same time have access to the organization’s resources and to a significant portion of internal traffic. Note also that network activity logs are often generated and stored on these devices, so if the router is compromised, attackers can just erase traces of their malicious activity. This is why router compromise has be ..read more

On November 14, Google released a bulletin reporting a serious vulnerability in a number of Intel processors — starting from the Ice Lake generation released in 2019. Potentially this vulnerability can lead to denial of service, privilege escalation, or disclosure of sensitive information. At the time of writing, microcode updates addressing the issue have been released for the 12th and 13th generation Intel processors (Alder Lake and Raptor Lake, respectively). Patches for 10th and 11th generation processors (Ice Lake and Tiger Lake) are in progress. The full list of affected processors is av ..read more

The Nothing Chats app is a messenger created by the developer of the quite popular smartphone Nothing Phone — yet another “iPhone killer”. The main selling point of Nothing Chats is was the promise of giving Android users the ability to fully communicate using iMessage — a messaging system previously available only to iPhone owners. However, Nothing Chats was almost immediately found to have a whole host of security and privacy issues. These problems were so serious that less than 24 hours after its release in the Google Play Store, the application had to be removed. Let’s delve into this in m ..read more

For many, Android smartphone updates are a sore point. On the one hand, they’re essential to fix dangerous bugs and vulnerabilities on your phone, delivering handy new features and support for the latest technologies at the same time. On the other hand, updates are often delayed, get installed at the worst possible time, they can slow down your phone, and in really bad cases cause data loss or even brick the device. Let’s figure out how to install Android updates properly to get all the benefits and zero misery. Different types of updates “Installing updates” can refer to five quite different ..read more

The latest episode of the Transatlantic Cable podcast kicks off with two stories around, you guessed it: Artificial Intelligence. To kick things off, the team discuss news that YouTube are testing a tool, allowing selected users to create audio from musicians. The second story focuses on YouTube’s decision to force creators to label when AI content is used in their videos. Following that, the team also look at an insightful story around hacking and drug smuggling and how QR codes were (once again) leveraged by criminals in order to dupe victims out of their cash. If you like what you heard, pl ..read more