By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The stolen records of 20 million users of a popular Android app store have been published online by a hacker who claims to have 19 million more. Not all app stores are the same. Android users have access to the official Google Play Store, complete with nearly three million (2,870,985) apps available for download. Then there are the manufacturer app stores, of which the best known are probably the Samsung Galaxy Store and the Huawei AppGallery. Finally, we arrive at the third-party app stores, the ones not pre-installed by the smartphone vendor nor operated by Google. Among the biggest of these, with a claimed global userbase of 150 million and a million apps, is Aptoide. It is Aptoide that would appear to have been breached by a hacker who claims to have stolen 39 million customer records and has published details of 20 million of them, including login emails and hashed passwords, on a popular hacker forum. Aptoide was founded in 2011 and has quickly grown thanks to using a decentralized app store model where every user can have their own individually managed app store. The Aptoide app itself is open source and generally well-received, acting as an app discovery platform. It is also thriving, as far as third-party app stores go: one million apps and seven billion downloads are claimed by Aptoide. Cybersecurity folk, myself included, often warn against the use of third-party app stores because of the potential for malware distribution. Aptoide, though, has always been keen to emphasize how safe it is. The app description states that "all the apps are checked for viruses, and we perform extra security tests to ensure your Android device is always safe." The Aptoide home page claims that "recent studies prove that Aptoide is the safest Android app store," although I was unable to find any link to those studies. In the research and development section, however, there was mention of the AppSentinel anti-malware system project and a reputation systems knowledgebase called TrustChain. On April 19, the Have I Been Pwned (HIBP) database added an entry for Aptoide. This stated that the app store had suffered a data breach and that 20 million customer records had subsequently been shared online in a popular hacker forum. HIBP states the breach date as being April 13 and gives the precise number of compromised accounts as 20,012,235. You want to know more, stop by OUR FORUM, and we will share the rest with you.

A handful of Windows 10 users are reporting a wide range of issues after installing Windows 10 KB4549951 cumulative update, while others report an error message when they attempt to download and install important security package, which was released on Tuesday. In Microsoft’s forum and Feedback Hub, many users have reported that Windows 10 installation issues are once again back with KB4549951 and this apparent bug is preventing people from keeping their devices up-to-date. Despite the problems updates have caused users, it is still important to ensure you have the latest security patches. Unfortunately, this is another update that fails to install with generic error messages like 0x8007000d, 0x800f081f, 0x80073701, etc. It’s not clear why Windows 10 updates are still failing to install for some users and Microsoft has yet to acknowledge or document the problems. If you have already followed the traditional workarounds available on the internet and nothing seems to work to resolve the issue with Windows Update, you may want to consider performing a clean installation of Windows 10. To perform a clean installation, you’ll need to download ISO images and reinstall Windows 10. KB4549951 issues include broken Bluetooth, WiFi, connectivity problems, BSOD, poor system performance, and even complete system crashes for some users and not everyone. “I wanted to let you know that after installing this update “KB4549951″ my device no longer has a Bluetooth adapter according to Windows (which of course is false since it still worked yesterday before installing this damn update,” one user told us in an email. “I updated (KB4549951) my Windows 10 on 15.04.20. After updating, Bluetooth stops working. Now Bluetooth is not showing in Device Manager. I tried to uninstall Updates but still, it is not showing. What to do now. My Laptop supports Bluetooth,” another user reported the same issue in Microsoft’s forum. It looks like there is a compatibility issue between the Bluetooth driver and Windows 10 update. In this case, you should roll back to the previous version of Windows and reinstall the driver if it doesn’t up. Unfortunately, Microsoft’s patch also causes dreaded error ‘Blue Screen of Death’ to appear on the screen, which signals a complete system crash. One victim wrote that their MSI computer booted with a BSOD after applying this update. “I was hit with the infamous blue screen ( YOUR DEVICE RAN INTO A PROBLEM AND NEEDS TO…..) with each time a different stop code,” the user explained. “I noticed that after installing the KB4549951 update, I get BSODs with the error “KERNEL MODE HEAP CORRUPTION” whenever I try to do something seemingly CPU-heavy (watchin livestreams/conferences, even trying to look at the Event Viewer). I did some experimenting and noticed that the update was seemingly the cause of the BSOD – everything else seems to be fine,” another frustrated documented the bug. There’s usually nothing you can do to fix BSOD errors, but users can roll back to an earlier version of Windows if their devices allow them to, or they can reinstall Windows 10. Read the complete post along with the fix posted on OUR FORUM.

FOR MORE THAN an hour at the beginning of April, major sites like Google and Facebook sputtered for large swaths of people. The culprit wasn't a hack or a bug. It was problems with the internet data routing standard known as the Border Gateway Protocol, which had allowed significant amounts of web traffic to take an unexpected detour through a Russian telecom. For Cloudflare CEO Matthew Prince, it was the last straw. BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. Companies like Cloudflare sit on the front lines of the BGP blowback. And while the company can't fix the problem directly, it can call out those that are slow to contribute defenses. On Friday, the company launched Is BGP Safe Yet​, a site that makes it easier for anyone to check whether their internet service provider has added the security protections and filters that can make BGP more stable. Those improvements are most effective with wide adoption from ISPs, content delivery networks like Cloudflare, and other cloud providers. Cloudflare estimates that so far about half of the internet is more protected thanks to heavy hitters like AT&T, the Swedish telecom Telia, and the Japanese telecom NTT adopting BGP improvements. And while Cloudflare says it doesn't seem like the Rostelecom incident was intentional or malicious, Russian telecoms do have a history of suspicious BGP meddling, and similar problems will keep cropping up until the whole industry is on board. "With that last big route leak from a few weeks ago out of Russia, it was a point at which our engineering team said enough is enough, it’s time for us to start naming and shaming the companies who aren’t doing this right," says Cloudflare CEO Matthew Prince. "Anything that goes wrong anywhere on the internet, we get blamed for it, which is right! Our customers pay us to make sure their internet connections are fast and secure and reliable. So BGP is one of these really frustrating areas that we can’t solve ourselves." BGP is like a GPS mapping service for the internet, enabling ISPs to automatically choose what route data should take over the internet's vast landscape of networks. But really BGP is like using a GPS mapping service run by your opinionated relatives. Your cousin's stepfather says "Oh, take this route. It'll be fast and safe and you get to pass the house with the great Halloween decorations," and you just have to trust him. If he doesn't know what he's talking about—like an ISP advertising a bad BGP route—you could end up stuck in endless mall traffic. The cryptographic tools, route filters, and best practices Cloudflare and other organizations have been promoting are like a sixth sense for detecting when you're getting bad advice. They run actual checks on the BGP routes other ISPs are "announcing," or offering, to make sure they're legitimate and that no one is advertising a problematic route. Visit OUR FORUM to test your ISP.

Microsoft has officially released the final build of Windows 10 2004 to Insiders in the Release preview ring and plans on releasing it to everyone in May as the "May 2020 Update". On Tuesday, Microsoft released the Windows 10 10 2004 version 19041.207 to Insiders on the Slow ring and have announced today that this is the final build to be released to all users in May. Starting today, Windows 10 2004 19041.207 has been moved to the Release preview ring so it can be further tested in production environments before the final release in May. "We are now getting the Windows 10 May 2020 Update (20H1) ready for release and releasing Build 19041.207 to Windows Insiders in the Release Preview ring. We believe that Build 19041.207 is the final build and we will continue to improve the overall experience of the May 2020 Update on customers’ PCs as part of our normal servicing cadence," Microsoft's announcement on the Windows Insider blog stated. As part of this rollout, only 50% of the Windows Insiders in the Release ring will receive the final build automatically at first. Other Insiders in the Release ring can perform a manual Windows Update check to download and install the May 2020 Update. Microsoft is offering businesses who are testing the May 2020 Update in their organization free support for severe issues that are discovered. "This support offering is intended to help resolve issues with business use case scenarios and is limited to Windows 10 Enterprise and Pro editions customers. Microsoft states that there are known issues with Windows Mixed Reality on Windows 10 2004 and that users of this technology should hold off on installing the update until a fix is released. If you run into a severe issue that prevents you or other users in your organization from using a device or compromises the security of personal data, you can use our online form to request assistance directly from Microsoft Support¬—at no cost to you," Microsoft offers. Microsoft states that there are known issues with Windows Mixed Reality on Windows 10 2004 and that users of this technology should hold off on installing the update until a fix is released. Compared to previous Windows 10 feature updates, Windows 10 1909 November 2019 Update was more of a service pack than a new feature-rich version. The Windows 10 2004 (20H1) release will feel more like a feature update with a variety of new features such as a new optional update experience, improved Task Manager, a new Cortana experience, improved Windows Search, and more. Learn more by heading to OUR FORUM.

China fears that once the coronavirus pandemic has passed, Britain will reconsider allowing Huawei to help operate its 5G telecommunications network. The top line: Huawei's access is crucial for China's influence and its ability to conduct espionage. But Beijing's coronavirus lies have fueled British concerns about entrusting Huawei with critical infrastructure. Which explains, then, why Huawei's vice president, Victor Zhang, has just published an open letter urging Britain to stick by its original decision. Fittingly, Zhang's opening and closing sentences carry the Chinese government's favorite propaganda line of the moment: that it is "only by working together" that we can beat the coronavirus. Of course, the "working together" narrative isn't actually about encouraging global cooperation, but rather about discouraging any criticism of China as some kind of attack on humanity. Zhang also laments the "groundless criticism from some about Huawei’s involvement in the U.K.’s 5G rollout ... without presenting any evidence." Seeing as how Huawei is a corporate agent of the Chinese Communist Party, and that its software is designed to provide deniable signal intercept-interact capabilities, Zhang's lamentations ring somewhat hollow here. Regardless, the Huawei executive has good reason to be concerned. In January, British Prime Minister Boris Johnson's Conservative government authorized Huawei to build out noncritical areas of Britain's 5G network. That decision reflected a U.K. Joint Intelligence Committee assessment that limited Huawei 5G access was compatible with British security. But according to The Guardian, the U.K. intelligence community is now pushing for increased restrictions on Chinese access to cutting edge research. First, China's deception over the original coronavirus outbreak in Hubei province isn't the key motive for the shifting U.K. attitude here. Instead, this harder line reflects Joint Intelligence Committee assessments (supported by U.S. intelligence sharing) that Chinese intellectual property theft poses an increasingly unacceptable threat to priority British security and economic interests. This is largely down to Chinese cyber-espionage activities and the deployment of Chinese Ministry of State Security and People's Liberation Army intelligence officers and agents to infiltrate British companies and research institutions. Learn lots more by signing onto OUR FORUM.

Throughout the 1990s, Microsoft developers were in a race of one-upmanship to produce the most elaborate secret “Easter eggs.” These included games of pinball, racing, and even flight simulators, all hidden within Office and Windows. Let’s take a look back at some of the best. “Easter eggs” are developer credits, silly features, or inside jokes hidden in software. Because you can only access these through a series of arcane steps resembling an Easter egg hunt, that’s how they got their name. Easter eggs were a sly, fun way for authors to secretly immortalize themselves in their work, even if individual programmer credits were discouraged for the sake of company unity. Microsoft’s history with software Easter eggs began as far back as the Commodore PET BASIC in the 1970s. Over the decades, it grew dramatically, continuing through MS-DOS and reaching peak complexity during the late ’90s in Microsoft Office applications. Microsoft Management officially put the kibosh on the practice in the early ’00s, citing security and customer trust concerns. For a while there, however, the eggs were on a roll—and they got pretty wild! In the ’90s, Excel attracted a large share of elaborate Easter eggs. For example, in Excel ’95, if you follow a series of complex steps, a window called the “Hall of Tortured Souls” appears. In this apparent reference to Doom, you can actually roam a 3D, first-person environment. After crossing a zigzag bridge, you discover a room with the names of Excel ’95’s developers and a low-resolution photo of the team. During the development of Windows 3.1, one of the programmers carried around a stuffed teddy bear. It became an inside joke and unofficial mascot for the operating system. When the team hid developer credits in the Program Manager of Windows 3.1, the bear naturally made an appearance. The Easter egg normally shows a man in a yellow suit next to a scrolling list of the developers’ internal email system names. If you perform the trick repeatedly, though, you might see the bear’s head in the yellow suit instead. Once word got out about the hidden “flight simulator” Easter egg in Excel ’97, it spread quickly in the press because it sounds so sensationally weird. In truth, though, it’s not exactly a flight simulator in the sense of gauges and airplane controls. Rather, it’s more of a surreal 3D, first-person flying experience over a purple landscape. If you fly around enough, you find a black monolith with the scrolling names of Excel ’97’s developers on it. See many of these wild and interesting Easter Eggs on OUR FORUM.