- Smart Intel Briefing
- Posts
- The Cybersecurity Crucible - Forging Hard Targets – 13 October 2023 | KD Sec & Tech Secure
The Cybersecurity Crucible - Forging Hard Targets – 13 October 2023 | KD Sec & Tech Secure
Unveiling the Latest in Cybersecurity & Tech: From Threats to Solutions - Friday the 13th Edition
Introduction
Hello, Hard Targets!
Welcome back, Hard Targets! We're thrilled to have you with us for another issue packed with valuable insights and updates. This edition is exceptional, not just because of the wealth of information we're sharing but also due to the captivating artwork that adorns its pages.
Drawing inspiration from the eerie aura of Friday the 13th, our artwork boasts red backgrounds with striking black and gold accents, all rendered in the unique style of Anamorphis. While we've included many of these artistic masterpieces in this issue, even more, didn't make the cut. But fret not! You can feast on these additional pieces by visiting our Instagram page: kdsecntech.
For those of you who are joining us for the first time, consider this newsletter your go-to resource for staying updated in the ever-evolving world of cybersecurity. We aim to transform our readers into "Hard Targets" – well-informed and resilient individuals against the myriad of cyber threats lurking in the digital realm. If you find value in our content, we encourage you to Subscribe here and join our growing community.
Our commitment to delivering timely and relevant content is unwavering. As such, we release new issues semi-weekly, every Monday and Friday, ensuring you're always in the loop. In this issue, you'll find a mix of the latest cybersecurity news, tips, vulnerabilities, and more. Dive in and arm yourself with the knowledge to stay one step ahead!
Stay vigilant and stay safe, Hard Targets!
Cybersecurity Pop Quiz
Test Your Cybersecurity Knowledge With Our Quick Quiz: Are You a True Hard Target?
Question 1: Which of the following is a primary concern when using Internet of Things (IoT) devices in a home network?
a) Increased internet speed
b) Compatibility with other devices
c) Vulnerability to cyberattacks
d) Energy consumption
Question 2: In cybersecurity, what does the "Least Privilege" principle refer to?
a) Granting users only the permissions they need to perform their job functions
b) Ensuring that all users have admin rights for flexibility
c) Limiting the number of applications on a device
d) Restricting internet access to a few websites
Question 3: What is the primary goal of a Distributed Denial of Service (DDoS) attack?
a) To gain unauthorized access to sensitive data
b) To spread malware across a network
c) To overwhelm a system or network, causing it to become unavailable
d) To impersonate a user for fraudulent transactions
Answers:
c) Vulnerability to cyberattacks
a) Granting users only the permissions they need to perform their job functions
c) To overwhelm a system or network, causing it to become unavailable
Cybersecurity News and Emerging Technology
Apple and Google Digital Wallets to Be Brought Under Payment Rules for Credit Cards, EFTPOS
Source: ABC News
Summary: The federal government is set to impose rules on Apple and Google's digital wallets, similar to those already in place for credit cards and EFTPOS transactions. This move aims to offer better protection to consumers. About 35% of card transactions in the June quarter were made using digital wallets, a significant increase from 10% in early 2020. The Treasurer has released draft legislation to reform the Payment Systems (Regulation) Act, emphasizing the need for digital payment systems to be regulated similarly to credit cards and EFTPOS.
What’s the importance of this article? The article highlights the growing use of digital wallets and the government's efforts to regulate them in the same way as traditional payment methods. This is crucial as it ensures that consumers are protected and that there's transparency in the digital payment landscape.
How could this affect me? If you use digital wallets like Apple Pay or Google Pay, these changes could mean more transparency around costs and potentially better consumer protection. It's essential to be aware of these changes and understand the implications for your digital transactions.
The New PS5 Design is Thinner, Upgrades to 1TB SSD
Source: Tom's Hardware
Summary: Sony is set to launch new versions of the PS5 and PS5 Digital Edition with 1TB of internal storage and a significantly slimmed-down form factor. These new models will replace the current ones and will be available starting in November. The PS5 Digital Edition will see a price increase of $50, and an optional Ultra HD Blu-ray disc drive can be added for an additional $70.
What’s the importance of this article? The article informs about Sony's latest updates to its PS5 console, emphasizing the increased storage and slimmer design. This is significant for gamers and those interested in the latest tech developments.
How could this affect me? If you're considering purchasing a PS5 or upgrading your current model, this information is crucial. The new design and increased storage might influence your buying decision, and being aware of the price changes can help you budget accordingly.
DDoS Vulnerability in HTTP/2 Could Have Disrupted Major Online Platforms
Source: The Verge
Summary: A significant DDoS vulnerability in HTTP/2 could have caused massive disruptions to major online platforms. Fortunately, the vulnerability was discovered and mitigated before any potential exploitation. Platforms like Amazon AWS, Cloudflare, and Google Cloud were among those that could have been affected.
What’s the importance of this article? The article underscores the constant threats in the digital world and the importance of proactive measures to identify and mitigate vulnerabilities. It's a reminder of the interconnectedness of online platforms and the potential cascading effects of a single vulnerability.
How could this affect me? If you rely on platforms like Amazon AWS, Cloudflare, or Google Cloud for personal or business purposes, a disruption could have had direct implications for you. It's essential to be aware of such vulnerabilities and possibly have contingency plans in place.
Character AI Introduces Group Chats Where People and Multiple AIs Can Converse
Source: TechCrunch
Summary: Character AI has unveiled a new feature allowing group chats where humans can interact with multiple AI entities simultaneously. This development is seen as a significant step forward in the realm of AI-human interaction, offering diverse conversational experiences.
What’s the importance of this article? The article highlights advancements in AI technology, particularly in the realm of human-AI interaction. As AI becomes more integrated into our daily lives, such developments pave the way for more dynamic and enriched conversational experiences.
How could this affect me? If you use AI-driven platforms or are interested in AI technology, this development could offer you a unique and enhanced conversational experience. It's a glimpse into the future of how humans might regularly interact with AI entities.
Booz Allen Leads AI Deployment for the US Government
Source: Booz Allen
Summary: Booz Allen Hamilton, a renowned management and technology consulting firm, is spearheading the integration of AI solutions within the US government's operations. Their initiatives are not limited to a single domain; they span across various departments from defense to healthcare. By leveraging advanced AI technologies, Booz Allen aims to optimize processes, enhance decision-making, and introduce innovative solutions tailored to the unique challenges faced by government agencies.
What’s the importance of this article? The collaboration between Booz Allen and the US government underscores the pivotal role AI is beginning to play in public sector operations. As one of the leading consulting firms, Booz Allen's involvement signals a significant commitment from the government to harness the power of AI. This partnership is a testament to the trust placed in AI's capabilities and its potential to drive transformation on a national scale.
How could this affect me? For professionals working in industries that intersect with government operations or those invested in the trajectory of AI innovations, this is a significant development. It's a clear indication of the direction in which large-scale organizations, like the US government, are moving. As AI continues to permeate various sectors, its potential to bring about efficiency and innovation becomes more evident. This could lead to new opportunities, standards, and even challenges in the near future.
Cybersecurity General Tip of the Issue
Tip of the Day: Review Your App Permissions
Many apps request permission to access certain features of your device, such as your camera, microphone, location, or contacts. While some of these permissions are essential for the app to function correctly, others might be unnecessary, potentially compromising your privacy or security.
Why it's important:
Privacy Concerns: An app with access to your location or contacts might share this data with third parties.
Security Risks: Malicious apps can misuse permissions to access sensitive information.
Resource Usage: Some permissions might cause apps to use more battery, data, or storage than needed.
What you can do:
Regularly Review Permissions: Take a few minutes every month to check the permissions of your apps. Remove any that aren't necessary.
Download Wisely: Only download apps from trusted sources, and read reviews and descriptions before installing.
Understand Permissions: If an app is a simple flashlight and asks for your contacts and location, that's a red flag.
Remember, just because an app asks for a permission doesn't mean you have to grant it. Always think about whether the app genuinely needs that permission to function. If not, it's safer to deny the request.
The Apple Ecosystem
New iPhone 15 Pro Overheating Reports: Still Too Hot After iOS 17.0.3 and Fresh Issues Arise After the Update
Source: ZDNet
Summary: After the release of iOS 17.0.3, which was supposed to resolve the overheating issue when fast-charging, some iPhone 15 Pro users are still reporting problems with their phones getting too hot. The reports indicate that the phones overheat during various activities such as making phone calls, playing games, keeping their phone in their pocket, playing music, and using the camera. Some users have also reported a new screen burn-in issue.
What’s the importance of this article? Overheating can lead to decreased device performance, reduced battery life, and in extreme cases, can even be a safety hazard. It's crucial for iPhone 15 Pro users to be aware of these issues and monitor their devices.
How could this affect me? If you own or are considering purchasing an iPhone 15 Pro, you should be aware of these potential issues. It might be a good idea to monitor your device's temperature, especially during intensive tasks, and to keep an eye out for any updates from Apple addressing these concerns.
Apple Plans Smaller, Lighter Vision Headset; Meta Works on Cheaper Quest 3, AR
Source: Bloomberg
Summary: Apple and Meta, two giants in the tech industry, are not just resting on their laurels with the impending releases of the Vision Pro and Quest 3, respectively. They are already deep into the development of their successors. Apple's focus for its next Vision Pro is to enhance user comfort by making it lighter and more compact, ensuring prolonged usage without discomfort. This move is likely in response to user feedback and the company's commitment to delivering superior user experiences. On the other hand, there's a buzz around the Apple Watch Ultra 2, which is set to introduce the 'Double Tap' gesture, a feature that promises to redefine user interaction with the device. Furthermore, Jony Ive, Apple's former Chief Design Officer, has made a surprising investment in a high-end blender made of aluminum and stainless steel, hinting at his continued interest in product design and innovation.
Meta, previously known as Facebook, is also making strides with its Quest 3. The company is reportedly working on a more affordable version, aiming to make AR and VR experiences accessible to a broader audience. This move aligns with Meta's vision of creating a comprehensive metaverse, where cost shouldn't be a barrier to entry.
What’s the importance of this article? This article sheds light on the relentless pace of innovation in the tech industry. Companies like Apple and Meta are constantly pushing boundaries, refining their products based on user feedback, and anticipating market needs. Their commitment to improvement and evolution is a testament to their dominant positions in the tech world. For tech enthusiasts, industry professionals, and consumers alike, understanding these advancements offers a glimpse into the future of technology and its impact on our daily lives.
How could this affect me? For those deeply entrenched in the Apple or Meta ecosystems, these revelations could be pivotal. They offer a preview of what to expect in terms of product enhancements, new features, and overall user experience. Whether you're considering an upgrade or are just keen on the latest tech trends, this information is invaluable. Moreover, the rapid innovations underscore the tech industry's dynamic nature, highlighting the need to stay informed to make well-informed decisions, be it for personal use or professional recommendations.
The Apple Ecosystem Security Tip of the Issue
Review Your App Permissions on Apple Devices
Summary: On Apple devices, many apps request permission to access specific features, such as your camera, microphone, location, or contacts. While some permissions are crucial for the app's functionality, others might be superfluous and could compromise your privacy or security.
Why is this important?
Privacy Concerns: An app with access to your location or contacts on your iPhone or Mac might share this data with third parties.
Security Risks: Malicious apps on the App Store can misuse permissions to access sensitive information.
Resource Usage: Unnecessary permissions on apps can lead to excessive battery, data, or storage usage on your Apple device.
How to Implement on Apple Devices:
iOS and iPadOS:
Go to Settings > Privacy.
Here, you'll see a list of features (like Location Services, Contacts, etc.). Tap on a feature to see which apps have requested access and toggle off any that you feel are unnecessary.
macOS:
Go to System Preferences > Security & Privacy.
Click on a specific feature tab like Camera or Microphone to see which apps have requested access. Uncheck any apps that you feel shouldn't have that permission.
Download Wisely on App Store: Only download apps from trusted developers, and always read reviews and descriptions before installing on your Apple device.
Understand Permissions: Be cautious if an app, for instance, a simple note-taking app on your iPad, asks for permissions like location or camera access. It's a potential red flag.
Always be proactive in understanding and managing app permissions on your Apple devices. It's not just about privacy but also about ensuring your device's optimal performance and security.
Samsung & Android
Android Circuit: Samsung Galaxy S23 FE Released, OnePlus And Oppo Fold Together, Powerful Pixels Arrive
Source: Forbes
Summary: The Android ecosystem is buzzing with activity, showcasing a plethora of advancements and launches. Android 14, the latest iteration of the popular mobile OS, has been unveiled, promising enhanced features, improved security, and a more intuitive user experience. Google's Pixel lineup sees the addition of Pixel 8 and Pixel 8 Pro, both of which are expected to push the boundaries in terms of performance, camera capabilities, and overall user experience. The Pixel Watch 2 is also making headlines, hinting at Google's ambition to further solidify its presence in the wearable tech segment.
Samsung, a stalwart in the Android domain, has released the Galaxy S23 FE, a phone that aims to offer flagship features at a more affordable price point. This release is particularly significant as it underscores Samsung's commitment to delivering premium experiences across different price segments.
In a surprising turn of events, OnePlus and Oppo, two major players in the Android market, are reportedly collaborating on foldable technology. This partnership could potentially reshape the foldable phone landscape, offering users innovative designs and functionalities.
Sony's Xperia 5 V is also in the spotlight, with reviews praising its performance, design, and camera capabilities. This device further cements Sony's position as a formidable competitor in the high-end smartphone segment.
Lastly, Murena, a company known for championing user privacy, has initiated a Kickstarter campaign for its Murena 2 phone. This device emphasizes robust privacy features, ensuring users have control over their data and digital footprint.
What’s the importance of this article? This article encapsulates the rapid pace of innovation and competition in the Android market. From major OS updates to groundbreaking device launches, the Android ecosystem is in a state of constant evolution. For tech enthusiasts, industry stakeholders, and consumers, this article offers a holistic view of where Android stands today and where it's headed. It's a testament to the industry's commitment to innovation, user experience, and market diversity.
How could this affect me? For anyone invested in the Android ecosystem, be it as a user, developer, or tech enthusiast, these developments are of paramount importance. They provide insights into the direction the industry is taking, potential shifts in market dynamics, and emerging trends. Whether you're contemplating a new device purchase, developing apps, or just keen on staying updated, this information offers a competitive edge. It helps in making informed decisions, understanding market nuances, and anticipating future trends.
Samsung Earnings Preview Q3 2023: Chip Losses Weigh on Profit
Source: CNBC
Summary: Samsung Electronics' earnings are projected to drop nearly 80% in Q3, as per analyst predictions. The semiconductor business, usually Samsung's primary profit source, is anticipated to report a loss of over 3 trillion won ($2.2 billion) for Q3. Memory chip prices have decreased significantly this year due to oversupply and reduced demand for products like smartphones and laptops.
What’s the importance of this article? The article highlights the challenges faced by Samsung in the semiconductor sector, which has traditionally been a significant profit driver for the company.
How could this affect me? If you're an investor or stakeholder in Samsung or the semiconductor industry, these financial insights could be crucial for your investment decisions. Additionally, as a consumer, the dynamics of the semiconductor market can influence the pricing and availability of electronic products.
Samsung & Android Security Tip of the Issue
Review Your App Permissions on Android Devices
Summary: Just like other platforms, Android apps often request permissions to access various device features. These can range from the camera, microphone, and location to contacts and storage. While some permissions are vital for the app's functionality, others might be superfluous and can pose potential privacy or security risks.
Why is this important?
Privacy Concerns: An app with unwarranted access to your location, contacts, or other sensitive data might share this information with third parties without your knowledge.
Security Risks: Malicious apps can exploit permissions to gather sensitive data or perform unwanted actions.
Resource Usage: Granting unnecessary permissions can lead to increased battery consumption, data usage, or storage clutter.
How to Implement:
Access Permissions Settings: On your Android device, go to
Settings
>Apps & notifications
>See all apps
.Review App Permissions: Select an app and tap
Permissions
to see what permissions the app has access to. Toggle off any permissions that seem unnecessary.Be Cautious with New Apps: When installing new apps from the Play Store, carefully review the permissions the app requests before confirming. If an app's permissions seem excessive for its function, reconsider downloading it.
Use Permission Manager: On Samsung Galaxy devices, you can use the built-in Permission Manager to get an overview of which apps have access to specific permissions.
Regularly Review Permissions: Make it a habit to check app permissions every few weeks to ensure your privacy and security remain intact.
Microsoft & Windows
Microsoft owes an astounding $28.9 billion in back taxes, IRS says after audit
Source: Fortune
Summary: Microsoft is set to appeal a decision by the US Internal Revenue Service (IRS) that claims the tech giant owes at least $28.9 billion in taxes. This decision is related to how Microsoft allocated income and expenses among its global subsidiaries from 2004 to 2013. The dispute originates from a 2012 IRS audit into transfer pricing, a method used by companies to shift profits to tax havens. Microsoft had been moving billions in profits to jurisdictions like Puerto Rico, which has a significantly lower corporate tax rate. The company has since changed its corporate structure and practices, making the issues raised by the IRS no longer relevant to its current income recording methods.
What’s the importance of this article? The article highlights the ongoing battle between major corporations and tax authorities over the use of tax havens and transfer pricing methods. The outcome of this case could set a precedent for other companies facing similar audits and could influence future tax policies.
How could this affect me? For investors or stakeholders in Microsoft, the outcome of this appeal could impact the company's financial standing. Additionally, if Microsoft is required to pay the proposed tax bill, it might influence their future investment and operational decisions.
Snapdragon X processor for Windows laptops to rival Apple MacBooks
Source: Forbes
Summary: Qualcomm's Snapdragon X processor is set to be introduced in Windows laptops, positioning it as a direct competitor to Apple's MacBook lineup. This move is seen as an attempt to break Intel's dominance in the laptop processor market and offer consumers more choices. The Snapdragon X processor promises better battery life and integrated 5G capabilities.
What’s the importance of this article? The introduction of the Snapdragon X processor in Windows laptops signifies a potential shift in the laptop market dynamics. It could challenge the current market leaders and offer consumers more diverse options with enhanced features.
How could this affect me? If you're in the market for a new laptop, this development means more choices with potentially better battery life and integrated 5G capabilities. It could also lead to competitive pricing as brands vie for consumer attention.
Microsoft’s Tweaks to $69 Billion Activision Deal Avoid EU Probe
Source: Yahoo Finance
Summary: Microsoft's revised $69 billion acquisition of Activision Blizzard is set to bypass another European Union probe. This paves the way for the gaming industry's most significant deal to close as soon as the UK's antitrust regulator gives its expected approval. The European Commission believes that changes made to win over the UK Competition and Markets Authority don't require another approval process in Brussels.
What’s the importance of this article? The article underscores the complexities and regulatory hurdles major corporations face when executing significant acquisitions. The successful navigation of these challenges by Microsoft could set a precedent for future mega-deals in the industry.
How could this affect me? For gamers and stakeholders in the gaming industry, the successful acquisition could lead to new gaming experiences and integrations. It might also influence the strategic decisions of other players in the industry.
Microsoft & Windows Security Tip of the Issue
Review Your Windows Privacy Settings
Summary: Windows, like many operating systems, has a plethora of privacy settings that can be adjusted to better protect your personal information. These settings control how Windows and other Microsoft services access and use your data. Regularly reviewing and adjusting these settings can significantly enhance your digital privacy.
Why is this important? With the increasing number of data breaches and cyber threats, ensuring that your personal data is not unnecessarily exposed is crucial. By default, many of these settings might be set to share more information than you'd like, potentially putting your privacy at risk.
How to Implement:
Go to Settings on your Windows device.
Click on Privacy.
Review each tab (e.g., Location, Camera, Microphone) to see which apps have access to that particular feature.
Turn off access for apps that don't need it.
Additionally, review other settings like Feedback & diagnostics and Activity history to control the data Microsoft collects.
Remember to revisit these settings periodically, especially after major updates, as new settings or options might be introduced.
Scams to Watch Out For
Look out for these healthcare scams
Source: YouTube
Summary:
The video discusses the rising scams related to healthcare, specifically targeting Medicare and Medicaid programs. Scammers are exploiting the recent expansion of healthcare programs to deceive vulnerable adults, especially seniors. They use fear tactics, claiming that the individual's Medicare benefits will be cut off or that the proper paperwork wasn't filed. These scammers often pose as Medicare or Medicaid representatives, using official-looking documents, websites, emails, and texts to trick individuals into believing they are dealing with legitimate entities. The video emphasizes that Medicare and Medicaid will never contact individuals via text, email, or phone calls. The primary goal of these scammers is identity theft, aiming to obtain personal information such as Medicare numbers and Social Security numbers.
Key Takeaways:
Scammers are exploiting the recent expansion of Medicaid, especially with the upcoming launch targeting a wider audience in North Carolina.
They use official-looking documents, websites, emails, and texts to deceive individuals.
Medicare and Medicaid will never contact individuals via text, email, or unsolicited phone calls.
It's essential to safeguard personal information, especially Medicare numbers and Social Security numbers.
Always verify the authenticity of any communication related to Medicare or Medicaid before taking any action.
Thank You, Hard Targets!
Thank you, dear subscribers, for dedicating your time to read through this issue. Your continuous support is immensely appreciated, and it fuels our commitment to bringing you valuable content each time.
We're on a mission to grow our community of Hard Targets, and we need your help! If each one of you could encourage just one friend or family member to subscribe before our next issue, it would make a significant difference. This collective effort will not only expand our Hard Targets community but also enable us to provide you with better content, exclusive discounts on tech and security products, and top-notch services.
Remember, there's strength in numbers. By growing our community, we enhance our resilience and fortify our defenses against the myriad of cyber threats lurking in the digital shadows. As Hard Targets, we stand united, informed, and unyielding in the face of adversity.
Once again, thank you for your unwavering support. Let’s continue to stand strong as Hard Targets, vigilant and unassailable, as we navigate through the complex landscape of cybersecurity together.
Reply