The most popular smartphone operating systems are iOS, Android and HarmonyOS. Users can access their preferred apps through official, secure app stores such as Apple’s App Store, Google Play or Huawei AppGallery. Baseline security checks are carried out to ensure that the apps allowed into these stores are secure. However, there are instances when users may wish to download apps from outside their official app store. These unofficial app stores are commonly referred to as third-party app stores. These are the common risks of using such third-party app stores:
Repojacking is a tactic used by malicious actors to hijack old repository names and add scripts that target dependent applications. This happens when a developer or repository owner changes their username. Malicious actors target the combination of the old username and the repository name. Based on this, repojacking is a threat that organizations should start monitoring, whether their developers are in-house or outsourced.
Password spraying is a tactic used by malicious actors to attempt to gain unauthorized access to an account by systematic password guessing against multiple usernames. Several security updates show that this is a commonly used malicious tactic. System administrators therefore need to implement appropriate mitigation measures to reduce the likelihood of this happening in IT environments. The Uganda National CERT and Coordination Center recommends the following top tips:
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
Multiple vulnerabilities in J-Web can be combined to allow pre-authentication remote code execution. This is an out-of-cycle security release.
Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a CRITICAL vulnerability. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all Adobe Acrobat and Reader users to review and implement the updates.