WhatsApp is among the best chat apps today with global recognition, but are there other alternatives?

WhatsApp has grown over the years with numerous features like end-to-end encryption coming into the fray, but in this article, we will be taking a look at some of the best WhatsApp alternative chat apps you should try out in 2021.



1. Telegram



The first WhatsApp alternative we will be taking a look at is Telegram, the UK-based messaging app with some of the best messaging features. This messaging app has end-to-end encryption, and unlike WhatsApp, which allows you to create groups with just 256 members, you can create Telegram groups which hold up to 200,000 members who can share files of up to 2 gigabytes all at once.

Pros




  1. Open API
  2. End-to-end Encryption
  3. Light data usage
  4. Group size of up to 200,000 members


Cons




  1. Metadata is stored on their servers



Supported Platforms



Windows PC, MacOS, Windows mobiles, iPad OS, Linux, Android, and iOS.

Pricing: Free

Quick Tips: It could happen that Telegram don´t run on your older softwares. If you are searching for a new one, Naija Reviews gives you the best shopping advice for smartphones.

2. Signal Messenger



The major reason you should consider Signal Private Messenger is that it is secure and developed by the same developers who brought end-to-end encryption to WhatsApp. As a plus, Signal messenger uses an open-sourced system that is far more secure than WhatsApp. A couple of new and exciting features on Signal are the screen security feature – preventing anyone from taking screenshots while it is on – and self-destructive messages. Truly Signal is an effective WhatsApp alternative you need to try.


  1. Phone call encryption
  2. No metadata storage
  3. Secure messaging
  4. Secure and open-source system


Cons




  1. Outdated versions cannot be used
  2. Update frequency is high
  3. No backup option for iOS users
  4. Only files up to 300kb and less can be sent


Supported Platforms



Windows, MacOS, iPad OS, Linux, Android, and iOS.

Pricing: Free

3. Wire messaging



Another effective WhatsApp alternative you need to check out today is the Wire messaging app. This is a Switzerland messaging app with a user-friendly interface. It also has an open-sourced system which makes it secure for use and an ideal alternative for WhatsApp. It has features like a cloud backup system and self-destructive messaging features. You also enjoy voice and video call options which makes it enjoyable to use.

Pros




  1. Multiple device login
  2. Group voice call option
  3. Open source system


Cons




  1. Metadata is stored on their servers



Supported Platforms



MacOS, iPad OS, Linux, Android, and iOS, browser extension.

Pricing: Free

4. Viber



Viber is a Japanese VoIP (voice over IP) messaging app, a great WhatsApp alternative. From your calls to shared media and even video calls, every one of your activities is protected using end-to-end encryption. You can create groups of 250 users and make video calls with up to 20 users without any form of complexity. Compared to WhatsApp, Viber has the "community" feature, allowing many communities for easy socializing.

Pros




  1. Availability of social communities
  2. It has video conferencing option
  3. You can make calls to users not on Viber at good rates


Cons




  1. The app supports advertisements



Supported Platforms



MacOS, iPad OS, Linux, Android, and iOS, Windows.

Pricing: Free

Conclusion



Though WhatsApp has been a great and effective messaging app, you need to explore these other options, especially with the recent user privacy issues. We have mentioned many WhatsApp alternatives here, with many features you would enjoy. Many of them are free and are available on multiple platforms like iOS and Android.

4 Best Alternative Chat Apps to WhatsApp

Power FX is an open-source programming language developed by Microsoft that promises to make coding as easy as building an Excel spreadsheet.

The Windows-maker touted Power FX as general purpose low-code programming language based on spreadsheet-like formulas which can be used across Microsoft’s Power Platform; and as it is based on Microsoft Excel it will be accessible to a larger number of people, even non-programmers.

Albeit, Power FX isn't so much a brand-new language as it is a new moniker for the formula language for Microsoft's canvas apps.

What Power FX brings to the coding table?



Power FX is a general-purpose, declarative, strong typed, and functional programming language that shares the same syntax and functions as Excel.



It currently works with Power Apps which is where you can experience it for now. And the process of extracting the programming language so that it can be used in more Microsoft Power Platform products and make it available for everyone is the next step.

As such, if you're familar with spreadsheets, or particularly, if you have written VBA macros, then you'll find Power FX pretty straightforward. There is also the fact that Power FX can be used in a "no-code" environment by making the UI generate the data and formulae needed for the computation.

Additionally, Power FX formulas can be stored in YAML source files for easy edit using either Visual Studio Code, or any other text editor and it also enables Power FX to be under the same source control with Azure DevOps, GitHub, or other source code control systems.

What Power FX means for Developers?



As Power Fx will be used within Microsoft's workflow automation tool and subsequently made available to all Windows 10 users, it can amplify the effectiveness and impact of developers by multiples of the same timeframe.

Therefore, offering developers a familiar way to express logic, will dramatically expand the possibility of building sophisticated solutions. And coupled with the tools a professional expects, including ability to directly edit apps in text-based editors like Visual Studio Code and use source control, Power FX will make it possible for developers to work faster and be more productive.

What is Power FX? Microsoft's new Open-source language based on Excel

ObliqueRAT is a notorious Trojan that was documented in February 2020, that primarily spy on users, including via webcam and the malware campaigns specifically target organizations in South Asia.

Cybersecurity company Cisco Talos has discovered a new campaign distributing the malicious remote access trojan (RAT) ObliqueRAT. And this new campaign deploys the ObliqueRAT payload and utilizes completely different macro code to download, with the attackers haven also updated the infection chain to deliver ObliqueRAT via hijacked websites.

The new malware campaign targeting organizations in South Asia utilizes malicious Microsoft Office documents forged with macros to spread ObliqueRAT.

What is the Mode of Operation of ObliqueRAT?



Previously, ObliqueRAT mode of operation, according to Cisco Talos, overlapped with another threat actors known as Transparent Tribe whose campaign in December 2019 was to disseminate CrimsonRAT, but the currentattacks differs in some key ways.



Besides the fact that it use of a completely different macro code to download and deploy the ObliqueRAT payload, the campaign operators have updated the delivery mechanism by cloaking the malware in seemingly innocous bitmap image files (.BMP files) on a network of adversary-controlled websites.

Additionally, the payload hosted on the hijacked website is simply a BMP image containing a ZIP file with the ObliqueRAT payload, and the malicious macros are responsible for extracting the ZIP and subsequently the ObliqueRAT payload on the endpoint.

The attack goal is to trick victims to open the emails containing the maldocs, which opened, will direct the victim to the ObliqueRAT payload using malicious URLs and ultimately export sensitive data from the victim's system.

How to Mitigate against such Email-based Malware attacks



Given that main attack vector remains the email, it is advised that users should desist from opening suspicious email and its attachements.

Additionally, they should use advanced malware protection solutions such as that offered by Cisco which is a better alternative to the in-built Windows protection.

ObliqueRAT resurfaces with Evasion tactics using hijacked websites

Microsoft Mesh is a new mixed-reality platform powered by Azure which allows people in different locations to join in shared holographic experiences using several kind of devices.

At the company’s Ignite digital conference, Microsoft uses 3D capture technology to beam a lifelike image of a person into a virtual scene, and as the first keynote experience is designed entirely for mixed reality, attendants at the conference could experience the show as avatars in a shared holographic world.

The idea is that people can actually feel like they’re in the same place with someone sharing content or can teleport from different mixed reality devices and be present with everyone even when not physically together.

How Microsoft Mesh will actually work?



The main goal of Microsoft Mesh is to enable persons in different locations to share collaborative holographic experiences, using holoportation to project themselves as their lifelike, photorealistic selves.



And the designers or engineers working with 3D physical models could appear as themselves in a shared virtual space to collaborate on holographic models. It is born of years of Microsoft research and development in areas ranging from hand and eye tracking and HoloLens development to creating persistent artificial intelligence models that can create expressive avatars.

Powered by Azure, which is Microsoft’s cloud computing platform, Microsoft Mesh will take advantage of Azure’s enterprise-grade security and privacy features, as well as the vast computational resources, data, AI and mixed reality services.

What Devices are supported for Microsoft Mesh geographically distributed teams?



Mesh will offer a suite of AI-powered tools to developers for creating avatars, session management, spatial rendering, and synchronization across multiple users; with holoportation to build collaborative solutions in mixed reality, and solutions working across many devices such as PCs, smartphones, Hololens 2, virtual reality headsets, and tablets.

In these collaborative experiences, the content isn't on the device or within any application, rather the holographic content is in the cloud. And you only need the special lenses to see it.

Microsoft introduces a new mixed-reality platform powered by Azure

Gootloader is the name given to the newly expanded delivery system employed by Gootkit RAT, a notorious banking Trojan that focuses on stealing banking credential.

While Gootkit was first documented in 2014, the JavaScript-based malware platform is fully capable of carrying out covert activities, ranging from capturing keystrokes to taking screenshots, web injection, recording videos, and also password theft.

According to Sophos, it thrives on the malware delivery method pioneered by the threat actors behind the REvil ransomware, which infection mechanism involves JavaScript-based framework that delivers a variety of payloads, including ransomware, filelessly.

How Gootloader expands its payload delivery systems



Gootloader employs a rather malicious SEO techniques to trick Google in order to alter search results, which search engine deoptimization serves as the first phase of the attack.



This is possible given that the operators of Gootloader maintain a network of servers hosting compromised legitimate websites, ostensibly belonging to legitimate business. And if visitors click on the link in the search result, they’re presented with a different site, which is a specific page that seems to answer their exact search question, using the same wording as the search query.

The visitor on clicking the “direct download link” on the page, downloads a .zip archive file with a filename that matches the search query used in the initial search, which contains another file that is named in precisely the same way. The JavaScript file is the initial infector, and serves as the only stage of the infection at which a malicious file is written to the filesystem.

And after the target double-clicks this script, it runs entirely in memory, out of the reach of traditional endpoint protection tools.

What's Gootloader Mode of Operations?



How the operators of Gootloader gain access to these websites to serve the malicious injects remains unclear, but Sophos researchers suspect the attackers may have obtained the secret login details by installing the Gootkit malware or by the purchase of stolen credentials from underground markets.

Furthermore, the criminals tend to reuse their proven techniques instead of developing new mechanisms, rather than actively attacking endpoint tools like other malware distributors, the creators of Gootloader opt for evasive techniques that conceal the end result.

Gootloader spreading via malicious ZIP files on compromised sites

The long awaited release of the Mandriva Linux based Mageia 8 has finally arrived, with such notable features as the new GL Vendor Neutral Dispatch (GLVND) that resolves issue with OpenGL support on Linux systems.

While Mageia is a GNU/Linux family that's available as free software which can be installed on PCs as the main operating system or as alternative to several pre-installed systems, known as dual boot.

The latest version of the software, Mageia 8 includes several new updates ranging from new packages to the latest Linux kernel to the graphical stack, and even upgraded base system.

What's New in Mageia 8 Stable Release



Besides the addition of new GL Vendor Neutral Dispatch (GLVND) that resolve issues with OpenGL support on Linux systems, Mageia ships the latest long-term support (LTS) Linux kernel version 5.10.16 that promises to provide better graphics and other core enhancements.



The new implementation of vendor-neutral libGL means that you can install Mesa and other third-party GL drivers in parallel, enabling improved performance and functionality as for hybrid GPU configurations. Also, Mageia 8 uses the video drivers for AMDGPU for newer cards, AMD/ATI graphics cards, and Radeon for older graphics cards. With other highlight features including:

  • Mesa 20.3.4
  • RPM 4.16.1.2, DNF v4.6.0
  • Glibc 2.32, GCC 10.2.1
  • LLVM 10.0.1, X.Org 1.20.10
  • LibreOffice 7.0.4.2
  • Plasma 5.20.4, GNOME 3.38, Xfce 4.16
  • MATE 1.24.2, LXQt 0.16.0, and Cinnamon 4.8.3.
  • RPM 4.16.1.2, DNF v4.6.0


Furthermore, Mageia 8 offers faster package metadata parsing using Zstd, and for UEFI boot, the rEFInd boot manager is supported as an alternative to GRUB2. The Java stack has also been upgraded to version 11, Python2 modules and other software like Iceape and PlayOnLinux have been removed in Mageia 8.

How to Download or Upgrade to Mageia 8 Stable Release



If you’re a new user to Mageia, and want to try out the latest version Mageia 8, you can download the torrent file or direct ISO image from the official page.

And for existing users who want to migrate to the latest version from previous release, there are more information about the upgrade path from Mageia 7 to 8 in the Mageia 8 release notes.

Mageia 8 Stable Release out with GLVND and better ARM support

Google has released the first Developer Preview of Android 12 after the usual release cycle and the next version of Android promises some really exciting new features, albeit the preview builds are intended for developer testing only.

While the Android 12 preview build is still highly unstable and capable of unexpected behavior, such as the UI lags and frequent app crashes, but the worst scenario that could happen is perhaps the lose of all the data on your smartphone if not properly backed up.

Below is a detailed roadmap for the Android 12 release, which also includes when all the developer previews, public beta builds and the final release will happen.

What are the Android 12 Developer Preview Phases?



The developer previews are released during the early months and these previews focus on new features and APIs for developers testing only and for making required changes after the developers must have given their feedback.



Android 12 Developer Preview phases will run from February 2021 for development and testing environments, including SDK tools, API reference, system images, and emulators. And the early baseline build will focus on developer feedback, with new features, APIs, and behavior changes, and priority window for feedback on APIs and report on any critical issues.

  • Developer Preview 1 (February)
  • Developer Preview 2 (March)
  • Developer Preview 3 (April)


Furthermore, the Developer Preview 2 is about incremental update with additional features, APIs, and behavior changes, with developers feedback and early app compatibility testing. While the Developer Preview 3 is update for stability and performance and getting apps ready for Public Betas.

Also, it includes system images for a variety of Pixel devices, including Pixel 4 / 4 XL, Pixel 3a / 3a XL, Pixel 3 / 3 XL, or Pixel 2 / 2 XL, for developing and testing.

What are the Android 12 Public Beta Phases?



The Public Beta phase is an over-the-air update to early adopters who enrolled in the Android Beta program. It involves continuous compatibility testing and feedback from Android Beta users.

And the second beta phase is more of Platform Stability milestone. With the Final APIs open for Play publishing and the final compatibility testing for apps, SDKs, and libraries.

  • Public Beta 1 (May)
  • Public Beta 2 (June)
  • Public Beta 3 (July)


The Release candidate build is the last phase of the public beta. It includes the release of compatible updates for apps, SDKs, and libraries.

The Final Release Date



The Final release for Android 12 to AOSP and the ecosystem is scheduled for Q3 2021 and includes the release of compatible updates for SDKs, apps, and libraries, with continuous work to target Android 12 build with new features and APIs.

If you are a developer and want to get started with testing the previews, you can install Android 12 on your device, or set up an emulator for compatibility testing by checking the Android 12 update page for more details.

Android 12 Roadmap: Developer Previews, Public Betas and Final Release Date

There is a sharp-rise in QuickBooks file data theft via social engineering tricks which tends to deliver malware in order to exploit the software.

While QuickBooks is a software package expressly developed for accounting by Intuit, and geared towards small and medium-sized businesses with offers like on-premises accounting applications and cloud-based versions with such facilities as managing and paying of bills, and payroll functions.

According to researchers at ThreatLocker, Cybercriminals employed new malware designed to exfiltrate data from Quickbooks and post on the Internet, with the attackers using phishing scam and social engineering tricks to deliver the malware.

How Attackers can exfiltrate data from Quickbooks



Attackers mainly use email to deliver malware to exploit the accounting software, and the method employed by attackers include sending a PowerShell command that runs inside of the email.



The attacks take the form of a PowerShell command which is capable of running inside an email, which if the recipient opens a document attached to the email, a link within that document downloads a malicious file from the internet. And once the PowerShell command is running, it enables the retrieval of the most recent Quickbooks files, and upload the file to the Internet.

Another method employed by bad actors is the running of a PowerShell command known as Invoke-WebRequests on target systems to upload relevant QuickBooks data to the Internet without having to download any malware. And as the attackers uses signed malware most of the time, it becomes even harder for antivirus or other threat detection software to detect.

These stolen data are often sold on the dark web, which according to the researchers, there are also instances where the attackers resort to bait-and-switch tactics in order to lure customers to make fraudulent bank transfers posing as suppliers.

How to Mitigate against QuickBooks File Data Theft



The attack increases exponentially when QuickBooks file permissions are set to "Everyone" group, as the attacker can now target individuals within the company, against targeting just a specific person with the right privileges.

Therefore, it is advised that users should be vigilant of these sort of attacks, and that file permissions are not set to the "Everyone" group to limit the exposure to further attacks. And if you're using a Database Server, always ensure to check the permissions on running database repairs and confirm the permissions are locked down.

QuickBooks File Data Theft via Social Engineering tricks

Offensive Security, the developer of Kali Linux has announced a new version, Kali Linux 2021.1, which is the first release for the year, with addition of new hacking tools and updated core packages.

The latest release is coming on the heels of Kali Linux 2020.4, which was the final release of 2020 series, that brought some exciting new penetration testing improvements and tools. Among the novel features in the previous update is Kali's official partnership with byt3bl33d3r, the author of CrackMapExec (CME) tool, which makes it possible for Kali Linux users to access newest changes in CME even before it is made public as the Kali package of CME now pulls update directly from its private codebase.

Kali Linux 2021.1 comes with upgraded core packages, including the Linux kernel which has been updated to its latest long-term support version 5.10 and desktop environments such as Xfce and KDE Plasma updated to version 4.16 and 5.20, respectively.

What's New in Kali Linux 2021.1 Release?



Besides the updated core packages, Kali Linux 2021.1 enables the feature of command-not-found package by default, which not only suggests that you install a package if not already installed, but also points out typo errord with correct word and the original message of “command not found” given for any invalid command not found in Kali.



And Kali Linux is teaming up with BC Security for an exclusive early access to its “Empire” (powershell-empire) and “StarKiller” and Joohoi for the renown Fuzz Faster U Fool (ffuf) tool.

Furthermore, the latest Kali Linux version has added new hacking tools, such as Chisel, Airgeddon, Arjun, GitLeaks, DumpsterDiver, and HTTProbe. Other major key updates, include: Workarounds for mate-terminal, terminator, tmux, konsole, and tilix; with upgraded BusyBox and Rucky tool to version 1.32.0 and 2.1, repsectively.

How to Download or Upgrade to Kali Linux 2021.1



If you’re an existing user of Kali Linux and want to upgrade from the previous version to Kali Linux 2021.1, you can easily upgrade your system by running the following commands:

$ echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list

$ sudo apt update && sudo apt -y full-upgrade

$ [ -f /var/run/reboot-required ] && sudo reboot -f


And for those who are new to Kali, simply grab the new Kali 2021.1 ISO images which are now available for download with support for several platforms. Also, you can download the images for ARM-based devices such as Pinebook and Raspberry Pi.

Kali Linux 2021.1 Release: New hacking Tools and Updated core packages

Web tracking has evolved over the years, with modern trackers employed to monetize behavioral user logs through intrusive data collection.

According to researchers at Cornell University, there is a new large-scale anti-tracking evasion scheme that leverages CNAME records to include tracker resources in a same-site context, otherwise known as CNAME Cloaking, which effectively helps them to bypass anti-tracking measures that use fixed hostname-based block lists.

And this tracking scheme is gaining huge traction among high-traffic websites, with several privacy and security issues inherent to the CNAME-based tracking, which the researchers detected through a combination of automated and manual analyses.

Some online trackers are already using the technique against Safari browser, which recently added strict anti-tracking systems in place.

Why Online Trackers are Switching to Evasive CNAME Cloaking Technique



The rise of cookie-killing browser barriers put in place by the major browser vendors to enhance users privacy, makes it increasingly daunting on marketers to look for new techniques to evade the anti-tracking mechanisms employed by browser vendors.



The CNAME cloaking is perhaps the latest evasive technique, whereby websites use first-party subdomains as their aliases for third-party tracking domains through the CNAME records in the DNS configuration to circumvent online tracker-blockers.

As DNS records allow for mapping a domain or subdomain to another, that is an alias, it makes them ideal means to sneak tracking code as a first-party subdomain. Thus, CNAME cloaking allows tracking code to look like first-party when it is not, with resources resolving through a CNAME that differs from the first party domain.

How the Major Browsers look to Mitigate CNAME Cloaking



Mozilla had been a major advocate of the browser-side protection that block websites from following web users online, which online tracking has been proven to benefit advertisers who target specific users, even though it invades their privacy.

Although Mozilla Firefox for now doesn't block CNAME cloaking out of the box, but users can use add-on like uBlock Origin to block any first-party tracker. But, the company has began the roll out of Firefox 86 which boasts of such privacy features as Total Cookie Protection that prevents every cross-site tracking by "confin[ing] all the cookies from each website in a separate cookie jar."

Apple on it's part has released iOS 14.4 with additional safeguards for Safari browser that build upon its ITP feature to shield third-party CNAME cloaking, albeit it does not yet offer a means to unmask and block the tracker domain.

New DNS-based Tracking Evasion employed by Advertising networks