Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. He provides detailed and informative articles that are easy to understand for readers of all levels. His primary focus is cybersecurity news, but he also covers other tech-related topics.

99%

The Daily's Verdict

This author is known for his high journalistic standards. The author strives to maintain neutrality and transparency in his reporting, and avoids conflicts of interest. The author has a reputation for accuracy and rarely gets contradicted on major discrepancies in his reporting.

Bias

100%

Examples:

  • Bill Toulas appears to have a neutral reporting style with no clear signs of editorial bias.

Conflicts of Interest

100%

Examples:

  • There is no evidence of conflicts of interest in Toulas's reporting.

Contradictions

90%

Examples:

  • He covers various cybersecurity incidents and vulnerabilities across different platforms and software, showing no preference for any specific target.
  • Toulas reports on multiple instances where malicious apps or exploits were found on Google Play, but there is no indication that he has a personal vendetta against the company.

Deceptions

100%

Examples:

  • No instances of deception or misleading information have been found in Toulas's articles.

Recent Articles

New Mandrake Android Malware Variant Evades Detection for Over Two Years on Google Play

Broke On: Monday, 01 April 2024 A new variant of the Android malware Mandrake, which has evaded detection for over two years on Google Play, was discovered in April 2024 by Kaspersky. This latest version uses advanced obfuscation and evasion techniques to avoid detection and communicates securely with its command-and-control server. The malware can steal user credentials and download additional malicious applications, making it a significant threat. Google Play Protect is being updated to better combat these challenges, but users can also protect themselves by updating their devices, being cautious with app permissions, using reputable mobile security solutions, and avoiding unofficial sources.

Microsoft's July 2024 Security Update: Patching the High-Severity CVE-2024-38112 Spoofing Vulnerability in Windows MSHTML Platform

Broke On: Tuesday, 09 July 2024 In July 2024, Microsoft patched a high-severity vulnerability (CVE-2024-38112) in the Windows MSHTML Platform that had been exploited for a year. Attackers disguised malicious files or websites to trick users into opening them, bypassing modern security features and executing remote code on their systems.

New Android Malware Strain Snowblind Exploits Linux Kernel Feature to Steal Banking Info and Disable 2FA

Broke On: Thursday, 27 June 2024 A new Android malware strain named Snowblind, discovered by cybersecurity firm Promon, exploits the Linux kernel feature seccomp to co-opt accessibility features and steal banking login information or interrupt transactions. It can also disable 2FA or biometric verification methods, increasing the risk of fraud or identity theft. The malware abuses seccomp to sandbox repackaged apps and redirect system commands, impacting at least one banking app in Southeast Asia. Google has stated that no Snowblind apps are found on the Google Play Store. Keeping devices updated with security patches and using reputable sources for app downloads is crucial to protect against Snowblind.

New PHP RCE Vulnerability (CVE-2024-4577) Exploited by TellYouThePass Ransomware Gang: Mitigation Recommended

Broke On: Wednesday, 12 June 2024 The TellYouThePass ransomware gang is exploiting a recently discovered vulnerability in PHP, CVE-2024-4577, affecting all versions on Windows in CGI mode. Despite the patch being available for over a week, attacks started on June 8 and have infected servers and encrypted files. Over 450,000 exposed PHP servers could be vulnerable; updating to the latest version is recommended to mitigate this risk.

Critical PHP Vulnerability (CVE-2024-4577) Allows Unauthenticated Code Execution on Windows Systems

Broke On: Saturday, 08 June 2024 A critical vulnerability, CVE-2024-4577, in PHP affects all Windows systems and allows unauthenticated attackers to take control when PHP is configured for certain interactions or the binary is exposed. Systems running Japanese, Traditional Chinese, or Simplified Chinese are vulnerable. Attackers can exploit this recurrence of an argument injection bug through CGI mode or when the PHP binary is exposed in a CGI directory. Affected versions include 8.3 prior to 8.3.8, 8.2 prior to 8.2.20, and 8.1 prior to 8.1.29.

90 Malicious Android Apps Disguised as Useful Tools Downloaded Over 5.5 Million Times: What Users Need to Know

Broke On: Wednesday, 29 May 2024 Over 90 malicious Android apps disguised as useful tools have been downloaded over 5.5 million times from Google Play, distributing the Anatsa banking trojan. These apps request SMS and accessibility permissions after installation and target financial apps, primarily in Europe and the US, for credential theft.

Apple Addresses Rare Issue of Resurfacing Deleted Photos on iOS 17.5 Devices: Corrupted Database Entry Identified

Broke On: Friday, 24 May 2024 Apple addressed a rare issue in iOS 17.5 where deleted photos resurfaced due to corrupted database entries. Affected files were carried over during backup or device transfer, and only a small number of users experienced this issue. Apple removed the routine responsible for re-importing old photos, preventing their return in future updates.

New Android Malware SoumniBot Evades Detection with Invalid Manifest File Size and Uncompressed Data

Broke On: Monday, 01 April 2024 A new Android malware named SoumniBot, targeting South Korean users, evades detection by misrepresenting its manifest file size and using an unconventional method to bypass validation checks. The malware exploits the incorrect checking of compression method values in the Android APK parser and adds extra content to the unpacked manifest due to its reported size exceeding its real size. Once installed, SoumniBot remains active in the background and uploads data from victims' devices.

SysAid Software Vulnerability Exploited by Ransomware Operation

Broke On: Thursday, 09 November 2023 SysAid IT service management software users have been alerted about a zero-day vulnerability, tracked as CVE-2023-47246, exploited by affiliates of a ransomware operation. The flaw is a path traversal issue that leads to arbitrary code execution, potentially allowing unauthorized access and control over the affected system. The threat actor exploiting this vulnerability is known as Lace Tempest, an affiliate known for deploying Cl0p ransomware. The vulnerability was confirmed by cybersecurity firm Profero, which discovered that the attacker could upload a WebShell and other payloads into the webroot of the SysAid Tomcat web service. SysAid has since released version 23.3 to address the vulnerability.