• Smart Intel Briefing
  • Posts
  • The Cybersecurity Crucible - Forging Hard Targets - 15 Sep 2023 | KD Sec & Tech Secure

The Cybersecurity Crucible - Forging Hard Targets - 15 Sep 2023 | KD Sec & Tech Secure

Molding Cyber Hard Targets One Issue at a Time

Introduction

Greetings, Hard Targets!

Welcome to the latest edition of "The Cybersecurity Crucible - Forging Hard Targets." As we journey deeper into the vast expanse of the digital universe, the challenges we face grow more complex. This issue is designed to be your beacon, illuminating the murkier corners of the cyber realm with insights on the newest cybersecurity trends, technological breakthroughs, and the craftiest scams currently making their rounds.

If this edition of The Cybersecurity Crucible edifies you, I urge you to share it with your circle. This content summary and artwork are free; please share the subscribe link with others so that they become less likely to fall into the grasp of cybercriminals. Subscribe!

Stay on guard, remain updated, and let's forge every Soft Target into a Hard Target!

This crucible of knowledge will be delivered to your inboxes twice a week. I enjoy making this content, and I hope that you will enjoy reading it.

Cybersecurity Pop Quiz

Test your cybersecurity knowledge with our quick quiz. Let's see if you're a true Hard Target!

Question 1

Which of the following is a technique used by attackers to disguise malicious activity as normal traffic?

  • a) Port mirroring

  • b) Steganography

  • c) Traffic shaping

  • d) Beaconing

Question 2

What does the term "Zero-Day" refer to in cybersecurity?

  • a) A day without any cyber attacks

  • b) A software vulnerability that the vendor is unaware of

  • c) The day a new security software is released

  • d) The first day a new employee starts at a cybersecurity firm

Question 3

Which of these is NOT a type of malware?

  • a) Ransomware

  • b) Adware

  • c) Debugger

  • d) Spyware

Answers:

  1. d) Beaconing

  2. b) A software vulnerability that the vendor is unaware of

  3. c) Debugger

Cybersecurity News and Emerging Technology

5 Technologies That Will Transform Enterprises, According to Gartner

Source: ZDNET

Summary: Gartner has identified five technologies that enterprises should consider adopting to enhance their business capabilities. These technologies include digital humans, satellite communications, tiny ambient IoT, secure computation, and autonomic robots. The selection was based on their transformative potential and their ability to enable new business models or significant new capabilities.

What’s the importance of this article? The article sheds light on the technologies that are deemed to be transformational in the near future. Enterprises looking to stay ahead in the digital age would benefit from understanding and potentially adopting these technologies.

How could this affect me? As these technologies become mainstream, they could redefine how businesses operate, leading to new job roles, business models, and consumer experiences. Being aware of these technologies could provide a competitive edge in various professional fields.

AI Intervention: How To Help Get Employees Comfortable With Emerging Technologies

Source: Forbes

Summary: The article discusses the increasing importance of Artificial Intelligence (AI) in the workplace. While intelligent technologies have been a topic of interest for over a decade, the focus has shifted from adoption to the right way of integrating them for employees. The article emphasizes the need for transparency and ethical considerations when implementing AI. It also highlights the importance of ensuring that employees feel optimistic and secure with these technologies.

What’s the importance of this article? As AI continues to play a pivotal role in various industries, organizations must ensure that their employees are comfortable and well-informed about its implementation. This article sheds light on the best practices and considerations that can help in achieving this.

How could this affect me? As AI becomes more prevalent in the workplace, understanding its implications and being prepared for its integration can impact one's adaptability and efficiency in a tech-driven environment.

Does Apple’s Double-Tap Gesture Solve The Mobile/Human Interface Problem?

Source: Computerworld

Summary: Apple recently showcased a new gesture for its latest Apple Watch: a two-finger tapping motion. This gesture could pave the way for a revolutionary method of interacting with technology. While smartphones like the iPhone 12 have surpassed PCs in terms of power, they haven't replaced them due to interface limitations. The introduction of gestures like the double tap could change this dynamic. The double-tap feature allows Apple Watch users to execute commands without physically touching their device. This gesture, combined with potential advancements in sign language recognition and head-mounted displays, could redefine human-computer interaction.

What’s the importance of this article? The article highlights the potential of Apple's new double-tap gesture to revolutionize the way we interact with technology. As devices become more powerful, the traditional interfaces (like keyboards and mice) become limiting. This gesture, along with other potential advancements, could pave the way for more intuitive and efficient human-computer interactions.

How could this affect me? If such gestures become mainstream, the way we interact with our devices could change significantly. This could lead to faster and more efficient workflows, especially for professionals who rely heavily on technology. Additionally, it could mean that future devices will be designed with these gestures in mind, influencing purchasing decisions.

Cybersecurity Tip of the Issue

Enable Multi-Factor Authentication (MFA)

With cyber threats on the rise, a single password is no longer enough to secure your online accounts. Multi-Factor Authentication (MFA) adds an extra layer of protection by requiring two or more verification methods. This could be something you know (password), something you have (a phone or hardware token), or something you are (fingerprint or facial recognition).

Why is this important?
Even if a hacker manages to steal your password, they won't be able to access your account without the second verification method. It's a simple step that can significantly boost your online security.

How to implement:
Most online services, from email providers to banking websites, now offer MFA. Check the security settings of your accounts and enable MFA wherever possible. Remember, the few extra seconds it takes to verify can save you countless hours and stress in the future.

Platform-Specific Vulnerabilities and Pertinent News

iOS

Apple Announces iPhone 15 Pro With Titanium Design, USB-C Port, Action Button, A17 Pro Chip, and More

Source: MacRumors

Summary: Apple has unveiled its latest flagship smartphones, the iPhone 15 Pro and iPhone 15 Pro Max. These new devices come with several notable features, including a titanium frame, the A17 Pro chip, an Action Button, and more. The titanium chassis is designed to make the iPhone lighter than previous Pro models while increasing its durability. The new iPhones also feature Apple's A17 Pro chip, which promises faster CPU and GPU performance. Additionally, the camera system has been enhanced, and the iPhone 15 Pro models now come with a USB-C port for charging and data transfer.

What’s the importance of this article? This announcement from Apple introduces the next generation of iPhones, which are expected to set the standard for smartphones in the coming year. With advancements in hardware, camera technology, and the introduction of the USB-C port, Apple continues to innovate and push the boundaries of what's possible in a smartphone.

How could this affect me? If you're an iPhone user or considering an upgrade, this article provides insights into the latest features and improvements that the new iPhone 15 Pro models offer. Whether you prioritize camera quality, performance, or design, understanding these new features can help you make an informed decision about whether the iPhone 15 Pro is right for you.

Five Important iOS 17 Security Features Coming to iPhone

Source: 9to5Mac

Summary: Apple is set to release iOS 17 to all users on September 18, bringing with it a range of new security and privacy features. Among the highlights are the ability to lock private windows in Safari with Face ID, enhanced tracking prevention, the auto-deletion of verification codes, new Photos privacy permissions, and an automatic "Check In" feature in Messages that alerts selected contacts when you've reached a specific destination.

What’s the importance of this article? With the increasing threats to digital privacy and security, Apple's focus on enhancing the security features in its latest iOS update is crucial. These features not only provide users with more control over their data but also offer added layers of protection against potential breaches and threats.

How could this affect me? If you're an iOS user, these updates will directly impact your device's security and privacy. Features like enhanced tracking prevention can protect your browsing habits, while the new Photos privacy permissions give you more control over which apps can access your photos. The "Check In" feature can also enhance personal safety, especially when traveling to new or unfamiliar locations.

Android

Google Wants to Turn Your Car Into an Android Tablet with Wheels

Summary: Google is enhancing the capabilities of Android Auto and Android Automotive by introducing several new applications. Notably, Vivaldi, The Weather Channel, and Amazon Prime Video are being added. Android Auto users can now conduct meetings in their cars using Zoom and WebEx. Additionally, they can browse the web through Vivaldi when parked. On the other hand, vehicles equipped with Android Automotive will soon have access to The Weather Channel and Amazon Prime Video, offering real-time weather updates and entertainment options while the vehicle is stationary.

What’s the importance of this article? This article highlights Google's continuous efforts to integrate and enhance the Android experience within vehicles. By introducing popular applications like Zoom, WebEx, and Amazon Prime Video, Google is aiming to make the in-car experience more versatile and user-friendly, especially during times when the vehicle is parked.

How could this affect me? If you use Android Auto or Android Automotive, these updates can significantly enhance your in-car experience. Whether you're waiting in your car and want to catch up on a show on Amazon Prime Video, need to quickly join a Zoom meeting, or want to check the weather before heading out, these features aim to make your time in the car more productive and entertaining.

One UI 6 for Galaxy S23 Takes Another Step Towards Its Stable Release

Summary: Samsung has released the third beta of One UI 6 for the Galaxy S23 series. This update brings several improvements, including enhanced playback controls for the video player, tweaks to emoji appearance, and an updated media panel that defaults to an expanded view. Despite these enhancements, some users have reported issues with laggy animations, which Samsung has acknowledged and promised to address in future updates. The One UI 6 beta 3 is currently available in the US, Germany, and India.

What’s the importance of this article? Samsung's One UI 6 represents the company's latest efforts to refine its software experience for Galaxy users. As the company moves closer to a stable release, understanding the changes, improvements, and potential issues in these beta updates can provide insights into what to expect in the final version.

How could this affect me? If you're a Galaxy S23 user or considering purchasing one, these updates give a glimpse into the software experience you can anticipate. Being aware of the new features and potential issues can help you make informed decisions about updating your device or adjusting settings to optimize your user experience.

macOS

macOS Sonoma Releases to Everyone September 26, What's New?

Source: 9to5Mac

Summary: Apple has officially announced the release date for macOS 14 Sonoma, which is set for September 26. This major software update for Mac users was unveiled at the "Wonderlust" Apple Event. The update introduces a plethora of new features, including interactive widgets, dynamic screen savers, significant upgrades to Safari, and more. Once released, users can find the update on their Mac under Settings -> General -> Software Update. The update is compatible with a range of devices, including iMac 2019 and later, iMac Pro 2017, Mac Pro 2019 and later, and several others.

What’s the importance of this article? This article provides insights into the upcoming macOS Sonoma update, highlighting its new features and improvements. As Apple's next major software update for Mac users, macOS Sonoma represents the company's latest efforts to enhance the user experience, offering new functionalities and tools that can potentially improve productivity and user engagement.

How could this affect me? If you're a Mac user, this update can bring your device a fresh and enhanced experience. The introduction of features like interactive widgets and dynamic screen savers can provide a more immersive and personalized user experience. Additionally, the significant upgrades to Safari can offer a more streamlined and efficient browsing experience. Staying updated with these changes can help you make the most of your Mac device.

Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks

Summary: A new information-stealing malware named MetaStealer is actively targeting Apple macOS. This malware is the latest addition to a growing list of stealer families that focus on macOS. Threat actors are specifically targeting macOS businesses by posing as fake clients, attempting to trick victims into launching malicious payloads. MetaStealer is distributed as rogue application bundles in disk image format (DMG). In some instances, the malware has been disguised as Adobe files or Adobe Photoshop installers. The malware's primary component is an obfuscated Go-based executable designed to harvest data from iCloud Keychain, saved passwords, and files from the compromised host.

Exploitation: MetaStealer is distributed to victims in the form of rogue application bundles in disk image format (DMG). Targets are approached by threat actors posing as prospective design clients who share a password-protected ZIP archive containing the DMG file. In some cases, the malware has been observed masquerading as Adobe files or installers for Adobe Photoshop.

Mitigation: Users are advised to be cautious when downloading and installing software, especially from unknown sources. It's essential to verify the authenticity of the software and the source before installation. Regularly updating security software and macOS can also help in detecting and preventing such threats.

Windows 10

Windows 10 KB5030211 Update Released with 11 Improvements

Summary: Microsoft has rolled out the Windows 10 KB5030211 and KB5030214 cumulative updates for versions 22H2, 21H2, and 1809 to address issues with the operating system. Released as part of the September 2023 Patch Tuesday, these updates will install automatically due to their critical security fixes. The new features introduced include a Windows Backup app, enhanced location detection for improved weather, news, and traffic information, and notification badging for Microsoft accounts on the Start menu. The update also brings support for daylight saving time (DST) changes in Israel, fixes for the search box, and addresses issues affecting the Group Policy Service and settings synchronization.

What’s the importance of this article? This article emphasizes Microsoft's commitment to refining the Windows 10 experience by addressing known issues and introducing new features. Regular updates, especially those released during Patch Tuesdays, are crucial for maintaining system security and functionality.

How could this affect me? If you're a Windows 10 user, this update is essential for your system's security and overall performance. The introduction of new features can enhance your user experience, while the fixes ensure that known issues do not hinder your system's functionality. It's always recommended to keep your system updated to benefit from the latest security patches and improvements.

Intel Doesn't Plan to Support Wi-Fi 7 on Windows 10

Source: The Register

Summary: A recently leaked Intel document indicates that Intel's next-generation Wi-Fi chipset will only support Windows 11 and later versions. This revelation comes as Windows 10 is nearing its end of life, with its official termination date set for October 14, 2025. The timeframe aligns with the expected release of Wi-Fi 7 (IEEE 802.11be), which is anticipated to start shipping next year. According to the leaked Intel document, the company plans to support Wi-Fi 7 only on Windows 11, ChromeOS, and Linux. This poses challenges for users who plan to continue using Windows 10, especially if their hardware lacks TPM2 chips.

What’s the importance of this article? The article underscores Intel's strategic decision to focus its next-gen Wi-Fi chipset support on newer operating systems, leaving out Windows 10. This move can have implications for businesses and individual users who might not transition to Windows 11 immediately, potentially limiting their access to the latest Wi-Fi technology.

How could this affect me? If you're a Windows 10 user and plan to continue using it beyond its end-of-life date, this decision by Intel might limit your ability to leverage the benefits of Wi-Fi 7. It emphasizes the importance of considering an upgrade to Windows 11 or exploring alternative operating systems that will be compatible with the latest Wi-Fi technology.

Windows 11

Windows 11: Over 30 Hidden New Features You Probably Missed

Source: PCWorld

Summary: Windows 11's 22H2 version has seen many innovations introduced through "Moments." While Windows 10 won't receive new features until its end of support in 2025, Windows 11 continues to receive innovations. The first major feature update this year integrated Bing AI Chat into the Edge browser. However, the second major "Moment" update in July introduced over 20 new features, though they weren't as obvious. For instance, the kiosk mode changed, but Microsoft hasn't been vocal about these smaller upgrades.

What’s the importance of this article? The article highlights the continuous innovation and introduction of new features in Windows 11, emphasizing Microsoft's commitment to enhancing the user experience.

How could this affect me? If you're a Windows 11 user, you can expect a series of new features and improvements, making your computing experience more efficient and feature-rich.

Windows 11 Will Let You Copy Text from Your PC and Android Screenshots Soon

Source: The Verge

Summary: Microsoft is updating its Snipping Tool and Photos app. The Snipping Tool will soon have a feature that detects text in screenshots, allowing users to share the text in apps. This is similar to the text-copying feature on Android and iOS devices. Additionally, Microsoft has added a feature to redact and hide sensitive information like emails and phone numbers from images. The Photos app will also see new features, including background blur, content search in OneDrive photos, location search, and support for motion photos from Samsung and Google.

What’s the importance of this article? The article emphasizes Microsoft's efforts to enhance productivity tools in Windows 11, making tasks like text copying from screenshots more efficient.

How could this affect me? If you frequently take screenshots or use the Photos app on Windows 11, these updates can streamline your workflow, making certain tasks quicker and more intuitive.

Scams to Watch Out For

Zelle Scams on the Rise

Source: YouTube

Summary: Authorities have issued a warning about the rise in scams targeting users of the money transfer app, Zelle. Unlike other platforms, Zelle does not offer a way to retrieve money once a transaction has been made. Scammers are exploiting this feature by turning to platforms like Facebook Marketplace. They deceive sellers by expressing interest in purchasing items and then trick them into clicking on fraudulent links under the guise of "upgrading their Zelle account", a feature that doesn't exist. Once the seller clicks on the link, the scammer can extract money or sensitive information.

Key Takeaways:

  • Zelle does not offer a way to retrieve money after a transaction.

  • Scammers are targeting sellers on Facebook Marketplace.

  • They deceive sellers with a fake "Zelle account upgrade" tactic.

  • It's crucial not to click on links sent by strangers.

  • Always be cautious and verify before making any transactions.

Thank You, Hard Targets!

I want to personally thank everyone for reading this issue. I working to make this newsletter better. All feedback is welcome.

A nod to ChatGPT, our AI assistant, for its invaluable assistance in shaping this newsletter.

If you find value in our insights, consider subscribing for more. And if you're already with us, spread the word. If you are not into cyber news, please continue to enjoy the custom artwork.

Stay updated with our freshest content and revisit past issues on our archive.

Questions or feedback? Don't hesitate to reach out.

Kingdom Dominion Security & Technology

Reply

or to participate.