- Smart Intel Briefing
- Posts
- The Cybersecurity Crucible - Forging Hard Targets – 20 October 2023 | KD Sec & Tech Secure
The Cybersecurity Crucible - Forging Hard Targets – 20 October 2023 | KD Sec & Tech Secure
Unveiling the Latest in Cybersecurity: Apple's Ecosystem, Samsung & Android Updates, and Microsoft's Windows Insights
Introduction
Hello, Hard Targets!
Welcome back, Hard Targets! We're thrilled to have you with us for another issue packed with the latest in cybersecurity news, tips, and insights. This issue, as always, is designed to keep you informed and prepared in the ever-evolving world of digital threats.
We're particularly excited about the artwork featured in this issue. It's not just visually appealing but also symbolizes the resilience and vigilance required in the cybersecurity realm.
If you're joining us for the first time, we encourage you to become a regular reader. Stay updated, stay informed, and most importantly, stay a Hard Target. Subscribe here.
Why is this newsletter a valuable asset? In the digital age, knowledge is power. By keeping abreast of the latest threats, vulnerabilities, and best practices, you're not just protecting your devices; you're safeguarding your digital identity.
Remember, we release new content semi-weekly, every Monday and Friday, ensuring you're always up-to-date.
In this issue, we delve into the Apple Ecosystem, explore the latest in the Samsung & Android world, highlight critical vulnerabilities, and provide actionable tips to enhance your cybersecurity posture. Plus, our 'Scams to Watch Out For' section is a must-read, offering insights into the latest tactics used by cybercriminals.
Stay safe, stay informed, and let's continue our journey to becoming the hardest of targets!
Cybersecurity Pop Quiz
Test Your Cybersecurity Knowledge With Our Quick Quiz: Are You a True Hard Target?
Question 1: Which of the following is a primary reason for using steganography in cybersecurity?
a) To encrypt data for secure transmission
b) To hide data within other non-secret data
c) To detect intrusions in a network
d) To authenticate users in a system
Question 2: In the context of cybersecurity, what does "Threat Hunting" primarily refer to?
a) The process of actively searching for malware in a network
b) The act of identifying potential vulnerabilities in software
c) The method of reverse engineering malware to understand its functionality
d) The strategy of setting up firewalls to prevent external threats
Question 3: Which of the following best describes the "Purple Team" in a cybersecurity exercise?
a) A team that only conducts penetration testing
b) A team that only focuses on defense mechanisms
c) A team that combines both offensive and defensive cybersecurity strategies
d) A team that evaluates the security posture without actively testing the defenses
Answers:
b) To hide data within other non-secret data
a) The process of actively searching for malware in a network
c) A team that combines both offensive and defensive cybersecurity strategies
Cybersecurity News and Emerging Technology
Meta Quest 3's Public Privacy Recording Raises Concerns
Source: The Verge
Summary: Meta's new Quest 3 VR headset has introduced a feature that allows users to record their surroundings, leading to significant privacy concerns. Critics argue that this feature could lead to unauthorized recordings in public spaces, drawing parallels to the privacy issues Google faced with its Glass product. The feature's introduction has sparked a debate about the balance between technological innovation and user privacy.
What’s the importance of this article? The article underscores the challenges tech companies face in introducing innovative features while ensuring user privacy. As wearable tech becomes more prevalent, striking the right balance becomes even more critical.
How could this affect me? If you're a user of VR or other wearable tech, it's essential to be aware of the privacy implications of new features. This knowledge can help you make informed decisions about using such technologies.
Top 10 Cybersecurity Experts to Follow on Social Media
Source: TechTarget
Summary: TechTarget has curated a list of ten influential cybersecurity experts who are active on social media platforms. These experts, with their vast experience and insights, provide timely updates, news, and analysis on the latest cybersecurity trends, threats, and best practices. Following them can offer a wealth of knowledge to both cybersecurity professionals and the general public.
What’s the importance of this article? In the rapidly evolving world of cybersecurity, staying updated with expert opinions and insights can provide a deeper understanding of the current landscape, helping individuals and businesses stay protected.
How could this affect me? By following these experts, you can gain timely updates, advice, and best practices that can enhance your cybersecurity knowledge and practices, making you more aware and prepared against potential threats.
OpenAI Integrates Bing-Powered Search with ChatGPT and Introduces DALL·E 3 in Beta
Source: TechCrunch
Summary: OpenAI has announced the integration of Bing-powered search into its ChatGPT platform, enhancing its ability to fetch real-time information. This move is expected to make interactions with the AI model more dynamic and informed. Additionally, OpenAI introduced DALL·E 3 in beta, an advanced version of its image generation model, which can create high-quality images based on textual descriptions.
What’s the importance of this article? The integration signifies the convergence of powerful AI models with search engines, paving the way for richer and more dynamic AI interactions. The introduction of DALL·E 3 showcases the advancements in AI-driven image generation.
How could this affect me? Users of ChatGPT and other OpenAI products can expect more enriched interactions, accurate information retrieval, and enhanced user experiences with these new updates.
Flipper Zero Can Lock Up an iPhone Running the Latest iOS 17
Source: ZDNet
Summary: A device named Flipper Zero has been demonstrated to lock up iPhones running the latest iOS 17. This discovery has raised concerns about potential vulnerabilities in Apple's mobile OS, emphasizing the need for continuous security research and timely patches.
What’s the importance of this article? The discovery underscores the importance of continuous security research and the need for tech giants like Apple to address potential vulnerabilities promptly to ensure user security.
How could this affect me? If you're an iPhone user, it's crucial to be aware of such vulnerabilities. Staying updated with patches and fixes from Apple can help mitigate potential risks.
CISA Shares Vulnerabilities, Misconfigs Used by Ransomware Gangs
Source: BleepingComputer
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released detailed information about specific vulnerabilities and misconfigurations that ransomware gangs commonly exploit. This information, part of the Ransomware Vulnerability Warning Pilot (RVWP) program, aims to assist organizations, especially those in critical infrastructure sectors, in bolstering their defenses against ransomware attacks.
What’s the importance of this article? CISA's proactive approach in identifying and sharing vulnerabilities exploited by ransomware gangs emphasizes the critical nature of cybersecurity in today's digital landscape and the importance of public-private collaboration in countering threats.
How could this affect me? For organizations and individuals alike, being aware of these vulnerabilities and taking preventive measures can be crucial in safeguarding against ransomware attacks.
China's VMware and Broadcom Restrictions Impact Global Tech Supply Chain
Source: The Register
Summary: China's Ministry of Industry and Information Technology (MIIT) has imposed restrictions on tech giants VMware and Broadcom. This move is seen as a response to the U.S.'s tech restrictions on Chinese firms and has the potential to disrupt the global tech supply chain, affecting product availability, costs, and lead times.
What’s the importance of this article? The move signifies the escalating tech tensions between the U.S. and China, with potential ripple effects across the global tech industry. It underscores the interconnectedness of the global tech supply chain and the potential vulnerabilities it faces due to geopolitical tensions.
How could this affect me? For businesses and consumers alike, these restrictions could lead to potential delays, increased costs, and changes in the availability of tech products and services.
Cybersecurity General Tip of the Issue
Secure Password Management: Beyond Just Choosing a Strong Password
Summary: While many individuals understand the importance of strong passwords, the management of these passwords is often overlooked. With the rise in online accounts, it's become common for users to reuse passwords or store them insecurely. This tip emphasizes the significance of secure password management, which includes using password managers, understanding the risks of password reuse, and adopting best practices for password rotation.
Why is this important? Reusing passwords or storing them in insecure places exposes individuals to potential cyberattacks. If one account is compromised, all accounts with the same password are at risk. Secure password management ensures that each password is unique, reducing the risk of multiple account breaches.
How to Implement:
Avoid Password Reuse: Ensure each online account has a unique password to prevent a single breach from compromising multiple accounts.
Use Password Managers: Adopt reliable password managers that can generate and store complex passwords for each site.
Rotate Passwords Regularly: Change passwords periodically, especially for critical accounts like email and banking.
Enable Two-Factor Authentication: For added security, especially for your password manager, enable two-factor authentication.
The Apple Ecosystem
iOS 17.1 Aims to Fix Display Image Retention Issues on iPhone 13 Models
Source: MacRumors
Summary: Apple is addressing display image retention issues on iPhone 13 models with its iOS 17.1 update. Some users reported noticeable image retention on their displays, which Apple acknowledges and aims to rectify with this software update.
What’s the importance of this article? This article highlights Apple's responsiveness to user-reported issues and its commitment to ensuring optimal device performance.
How could this affect me? If you own an iPhone 13 model and have experienced display image retention, this update is crucial for enhancing your device's display health and overall user experience.
iOS 17 Features Expected to Launch Later This Year
Source: MacRumors
Summary: Apple has teased several features for iOS 17 that are set to launch later this year. While some features were introduced with the initial release of iOS 17, others, like enhanced Face ID recognition with masks and new emojis are still on the horizon.
What’s the importance of this article? The article provides insights into upcoming features for iOS 17, showcasing Apple's continuous efforts to enhance user experience and device functionality.
How could this affect me? If you use an iPhone, these upcoming features can offer improved usability, especially in the current global context where mask-wearing is prevalent.
iOS 17 Allows Users to Convert Photos into Live Stickers
Source: CNET
Summary: A new feature in iOS 17 lets users turn their favorite photos into "Live Stickers." This feature allows for more personalized and dynamic conversations in messaging apps, as users can now integrate their photos as animated stickers.
What’s the importance of this article? This article showcases Apple's innovative approach to enhancing user communication by making conversations more personalized and engaging.
How could this affect me? If you frequently use messaging apps on your iPhone, this feature can add a fun and personal touch to your conversations, allowing for more dynamic interactions with friends and family.
The Apple Ecosystem Security Tip of the Issue
Enable Two-Factor Authentication (2FA) on Your Apple ID
Summary: Two-Factor Authentication (2FA) adds an extra layer of security to your Apple ID. When you sign in, you'll be asked to provide both your password and a verification code that's automatically displayed on your trusted devices or sent to your phone number.
Why is this important? With 2FA enabled, even if someone knows your password, they won't be able to access your account without the verification code. This significantly reduces the risk of unauthorized access to your Apple account, protecting your personal data, photos, documents, and more.
How to Implement:
iOS/iPadOS: Go to Settings > [your name] > Password & Security > Turn on Two-Factor Authentication.
macOS: Apple menu > System Preferences > Apple ID > Password & Security > Turn on Two-Factor Authentication.
watchOS: Since the Apple Watch uses the settings of the paired iPhone, ensure 2FA is turned on for the iPhone.
Samsung & Android
Qualcomm Developing RISC-V Based Wear OS Smartwatch Chip With Google
Source: SamMobile
Summary: Qualcomm has announced a collaboration with Google to develop a RISC-V based processor for Wear OS smartwatches, marking its first venture into RISC-V chipsets. This move could signify Qualcomm's gradual shift away from ARM amidst ongoing controversies, potentially influencing the entire tech ecosystem, including companies like Samsung.
What’s the importance of this article? This development is crucial as it indicates a significant shift in the semiconductor industry, with Qualcomm exploring alternatives to the dominant ARM architecture. It underscores the industry's search for more flexible, open-source solutions that could drive innovation and reduce reliance on traditional models, impacting product development and consumer electronics.
How could this affect me? For consumers, this strategic move by Qualcomm and Google could herald a new wave of high-performance, efficient wearables and other electronics. It might also influence market dynamics, potentially affecting pricing, product availability, and future technological advancements in personal electronics.
Galaxy S24 Series: Turning Galaxy Into Android’s iPhone - The Worst and Best Thing Samsung Did
Source: PhoneArena
Summary: The article discusses Samsung's strategic shift in its approach to the Galaxy S24 series, mirroring Apple's consistent design and slow innovation strategy. Despite criticisms for lack of design novelty, Samsung's focus on reliability, extended software support, and quality over flashy upgrades is likened to Apple's methodology. The Galaxy S24 series, particularly the Ultra, incorporates elements from the iPhone, including a rumored switch to a 5x zoom camera and a titanium frame, reflecting a "less is more" philosophy.
What’s the importance of this article? The significance lies in Samsung's transformative strategy, impacting consumer expectations and the industry's competitive landscape. By adopting Apple-like tactics, Samsung strengthens its market position, offering more reliable, consistent products and potentially attracting a broader consumer base seeking dependable technology.
How could this affect me? This shift by Samsung indicates a future where product choices might not be based on groundbreaking features but on reliability and ecosystem consistency. For consumers, this could mean more predictable product releases, extended device longevity, and potentially a more uniform user experience across devices.
OnePlus Open Has The Best Foldable Hardware and Wild Multitasking
Source: 9to5Google
Summary: OnePlus has launched its first foldable smartphone, the "OnePlus Open," featuring top-notch hardware and a unique multitasking system. Priced at $1,700, the device boasts a robust hinge design, a virtually invisible display crease, and high-quality OLED panels. The hardware includes a Snapdragon 8 Gen 2, 16 GB of RAM, and a 4,805 mAh battery. The phone's camera system is the most advanced for OnePlus, with a new 48 MP sensor and a triple camera array. The "Open Canvas" feature offers a fluid multitasking experience, allowing three apps in split-screen mode.
What’s the importance of this article? The OnePlus Open represents a significant step in smartphone innovation, particularly in the foldable category. It showcases advanced hardware capabilities and a user-centric approach to multitasking, setting new standards for competitors and offering consumers enhanced usability and performance.
How could this affect me? For tech enthusiasts and general consumers, the OnePlus Open's launch signifies more options in the high-end smartphone market, especially in the foldable category. Its advanced features and multitasking capabilities could influence purchase decisions, pushing competitors to innovate further. The device's robust design and advanced camera system may also appeal to users who prioritize durability and photography in their smartphones.
Samsung & Android Security Tip of the Issue
Using a Password Manager on Android Devices
Summary: While choosing a strong password is essential, managing and remembering multiple strong passwords for different accounts can be challenging. Password managers can help by securely storing and auto-filling your login credentials. On Android devices, including Samsung Galaxy and Google Pixel, there are several trusted password managers available that integrate seamlessly.
Why is this important? Using the same password across multiple sites or using easily guessable passwords can make you vulnerable to cyberattacks. Password managers not only help you generate strong, unique passwords for each site but also store them securely so you don't have to remember them. This ensures that even if one of your accounts is compromised, attackers won't have the keys to all your accounts.
How to Implement:
Choose a Reputable Password Manager: Apps like LastPass, 1Password, and Bitwarden are well-regarded and have Android versions.
Setting up on Samsung Galaxy Devices:
Go to the Google Play Store.
Search for your chosen password manager and install it.
Follow the app's setup instructions, which usually involve creating a master password.
Once set up, the app can generate and store passwords for your various accounts.
Setting up on Google Pixel Devices:
Open the Play Store app.
Search and install your chosen password manager.
Set up your account and master password.
Use the app to generate strong passwords for each of your online accounts.
Remember, the master password is the only one you'll need to remember, so make sure it's strong and unique. Also, regularly backup your password manager data to ensure you don't lose access to your accounts.
Microsoft & Windows
Microsoft Repositions 7TB 'Project Silica' Glass Media as a Cloud Storage Solution
Source: Tom's Hardware
Summary: Microsoft has updated its Project Silica storage research, positioning it as a sustainable storage solution for the cloud storage server market. Using this technology, one can store about 1.75 million songs or around 3,500 movies on a palm-sized slice of glass. Microsoft claims that the 7 TB storage per glass sheet can maintain data integrity for 10,000 years. The focus of the project has shifted from music archiving to cloud server data storage. The data stored in glass, due to its resistance to various environmental factors, can remain stable for thousands of years.
What’s the importance of this article? The article highlights Microsoft's innovative approach to data storage, emphasizing the longevity and durability of data stored in glass. As the world produces an ever-increasing amount of data, sustainable and long-lasting storage solutions like Project Silica become crucial.
How could this affect me? For consumers and businesses, this could mean a revolutionary change in how data is stored. The longevity of data storage could ensure that important data, memories, and archives remain intact for generations without the need for frequent backups or transfers to new storage mediums.
This is What Microsoft Loop is and How to Use it
Source: Windows Central
Summary: Microsoft Loop is a new collaboration and productivity online tool designed to enhance project management and teamwork. It combines workspaces, pages, and components, making it similar to platforms like Notion and Google Workspaces. The tool is particularly useful for task lists, meeting notes, brainstorming sessions, documentation creation, issue tracking, and more. It's available on Windows 11, 10, and other platforms. The interface is user-friendly, ensuring that users can quickly adapt without a steep learning curve. The article provides a comprehensive guide on how to get started with Microsoft Loop on Windows 11.
What’s the importance of this article? The introduction of Microsoft Loop signifies Microsoft's commitment to enhancing collaboration and productivity. As remote work and online collaboration become more prevalent, tools like Loop can play a pivotal role in streamlining processes and improving team dynamics.
How could this affect me? If you're a user of Microsoft products or someone who collaborates online, Microsoft Loop could be a game-changer for you. It offers a unified platform for various tasks, making project management and teamwork more efficient. Adopting such tools can lead to better productivity and smoother communication within teams.
No, Windows 12 Will Be a Free Upgrade and Won’t Require a Subscription
Source: Windows Latest
Summary: Rumors have been circulating that Windows 12 might be subscription-based, based on code strings found in Windows 11 previews. However, these strings pertain to the “IoT Enterprise Subscription” and not the main Windows OS. Microsoft has not yet confirmed Windows 12, but speculations suggest it will be released in 2024 with a focus on AI and cloud capabilities to compete with Google’s Chrome OS. Despite these rumors, Windows 12 is not expected to be subscription-based, and Microsoft has never made any of its client Windows versions subscription-based in the past.
What’s the importance of this article? The article dispels the rumors about Windows 12 being subscription-based, providing clarity to users and potential buyers. It also sheds light on the possible direction Microsoft might take with Windows 12, emphasizing AI and cloud capabilities.
How could this affect me? For Windows users, this means that the upgrade to Windows 12, when it becomes available, will not come with additional subscription costs. The emphasis on AI and cloud capabilities also indicates a shift in how Windows might operate in the future, potentially offering more integrated and advanced features.
Microsoft & Windows Security Tip of the Issue
Microsoft & Windows Security Tip of the Issue: Secure Password Management in Windows
Summary: Secure password management is more than just choosing a strong password. It involves understanding the various tools and practices that can enhance the security of your passwords on Windows devices.
Why is this important? With the increasing number of cyber threats targeting user credentials, having a secure password management strategy is crucial. A compromised password can lead to unauthorized access, data breaches, and potential financial losses.
How to Implement:
Use a Password Manager: Tools like Microsoft's built-in "Password Manager" in Edge or third-party applications like LastPass can help store and manage your passwords securely.
Enable Two-Factor Authentication (2FA): Wherever possible, enable 2FA for your accounts. This adds an additional layer of security, requiring not just a password but also a second form of identification.
Regularly Update Passwords: Change your passwords periodically and avoid reusing passwords across multiple sites.
Avoid Common Passwords: Refrain from using easily guessable passwords like "123456" or "password."
Check for Breaches: Use services like "Have I Been Pwned" to check if your credentials have been part of a data breach.
Educate & Train: Regularly educate yourself and others about the latest password threats and how to counteract them.
Remember, while a strong password is the first line of defense, a comprehensive approach to password management ensures that your data remains secure.
Scams to Watch Out For
Beware This Online Scam, SoCal Family Warns After Losing $20,000
Source: YouTube - ABC7
Summary: A family from Southern California is raising an alarm after their 83-year-old father was deceived by online fraudsters, resulting in a loss of $20,000. The family emphasizes the importance of being cautious and aware of such online scams to prevent others from falling victim.
Key Takeaways:
Elderly individuals are often targeted by online scammers due to their limited knowledge of digital threats.
Scammers use various tactics, including posing as legitimate companies, to gain the trust of their victims.
It's essential to verify the authenticity of any unsolicited calls or emails, especially those that involve financial transactions.
Thank You, Hard Targets!
As we wrap up this issue, I want to extend a heartfelt thank you to all of you, our dedicated subscribers, for your continued support and readership. Your engagement is what drives this newsletter, helping it grow and evolve.
I cannot stress enough how much I appreciate each one of you. You're not just subscribers; you're an active part of this community of Hard Targets. We're in this together, fortifying our defenses and staying informed in the face of ever-present cyber threats.
Here's a small but impactful way you can contribute: If you find value in our content, please consider encouraging just one friend or family member to subscribe before our next issue. Your personal recommendation is incredibly powerful and can help us expand our community. This growth directly influences the quality of content and the range of tech and security products and services discounts we can offer.
Thank you again for being the backbone of this initiative. Remember, we're not just avoiding threats; we're the Hard Targets that threats seek to avoid.
On another exciting note, I've recently ventured into video content on YouTube, focusing on the 8 CISSP domains. These Shorts are designed to be quick, informative, and easily digestible. Check out the channel here, and if you enjoy the content, I'd appreciate your likes, shares, and of course, your subscriptions.
Stay safe, stay informed, and let's keep making it tough for the bad guys!
Links
Kingdom Dominion Security
& Technology
Subscribe to Premium to read the rest.
Become a paying subscriber of Premium to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In.
A subscription gets you:
- • Exclusive Artwork Access: Get your hands on all the additional artwork that didn't make it to the main issue. A unique collection curated just for our premium members.
- • Behind-the-Scenes Insights: Understand the story behind each artwork. Discover the inspiration, the challenges, and the evolution of each piece.
- • Early Access to New Releases: Be the first to view our upcoming artwork even before it's released to the general public. A sneak peek into our creative world.
- • Special Discounts on Merchandise: Enjoy exclusive discounts on our merchandise, from prints to apparel. A token of appreciation for our premium members.
Reply