- Smart Intel Briefing
- Posts
- The Cybersecurity Crucible - Forging Hard Targets – 23 October 2023 | KD Sec & Tech Secure
The Cybersecurity Crucible - Forging Hard Targets – 23 October 2023 | KD Sec & Tech Secure
Unveiling the Latest in Cybersecurity: From AI Threats to Exclusive Artwork Insights
Introduction
Hello, Hard Targets!
Welcome back to another issue of our cybersecurity newsletter. We're thrilled to have our community of Hard Targets with us as we delve into the latest in the world of cybersecurity. This issue is packed with insights, from the rise of phishing and smishing scams to the best practices for securing your cloud storage across platforms.
This issue's art theme is inspired by "gold and white accents on a silver background." It's a romantic, abstract style crafted with acrylic on canvas, capturing the essence of the "Glorious" theme. We collaborated with Midjourney to bring this theme to life, ensuring that each piece resonates with the content and our readers.
For our dedicated readers, remember the Artwork Insider Access from our last issue? We've unlocked a curated collection of exclusive artwork just for you. As a Hard Target, you get unparalleled access to the depth of our creative journey.
If you're joining us for the first time, we encourage you to become a part of our Hard Targets community. Subscribe here and never miss an update. Our newsletter is a valuable asset in staying informed and protected in the ever-evolving landscape of cyber threats.
For our regular readers, you'll be familiar with our semi-weekly release cycle. Every Monday and Friday, we bring you the latest news, tips, and insights to help you stay safe online.
In this issue, we'll be covering:
The increasing threats in the Apple, Android, and Microsoft ecosystems.
Essential cybersecurity tips tailored for each platform.
The latest scams to watch out for, and much more.
Stay safe, stay informed, and let's continue our journey to becoming the hardest targets out there!
Thanks to Beehiiv for hosting this newsletter. Sign up for other newsletters here.
Cybersecurity Pop Quiz
Test Your Cybersecurity Knowledge With Our Quick Quiz: Are You a True Hard Target?
Question 1: Which of the following techniques is used to hide malicious code within legitimate software, making it harder for security software to detect?
a) Watering Hole Attack
b) Code Obfuscation
c) Session Hijacking
d) DNS Spoofing
Question 2: In the context of cybersecurity, what does "Red Teaming" primarily refer to?
a) A team responsible for maintaining firewalls and intrusion detection systems.
b) A team that conducts penetration tests from an attacker's perspective.
c) A team that focuses on developing security software.
d) A team responsible for monitoring network traffic for suspicious activities.
Question 3: Which of the following is a method used to verify the integrity of data during transmission?
a) Data Execution Prevention (DEP)
b) Address Space Layout Randomization (ASLR)
c) Hashing
d) Data Deduplication
Answers:
b) Code Obfuscation
b) A team that conducts penetration tests from an attacker's perspective.
c) Hashing
Cybersecurity News and Emerging Technology
Watch Out Oculus Quest 2 Users: Meta Quest 3's Launch Might Strain Your Storage
Source: TechRadar
Summary: The launch of the Meta Quest 3 VR headset brings advancements, but it's not all good news for Oculus Quest 2 users. To harness the Quest 3's superior Snapdragon XR2 Gen 2 chipset, 8GB RAM, and full-color mixed reality, VR app developers are releasing software updates. These updates, while designed for Quest 3, will also be available to Quest 2 users, leading them to download larger files without reaping the benefits. For instance, Red Matter 2's file size will jump from 5.6GB to 9.1GB, potentially straining the storage of Quest 2 users.
What’s the importance of this article? The article sheds light on the potential storage challenges Oculus Quest 2 users might face with the introduction of the Meta Quest 3. As VR technology progresses, ensuring a seamless user experience across different device generations becomes crucial.
How could this affect me? If you're an Oculus Quest 2 owner, be prepared for larger software update file sizes, which could fill up your device's storage more rapidly.
Tesla's Cybertruck Takes a Tommy Gun Test
Source: Electrek
Summary: Tesla recently put the Cybertruck's bulletproof claim to the test by firing a Tommy gun at it. Elon Musk confirmed that they unleashed an entire drum magazine from a Tommy gun at the Cybertruck's driver door "Al Capone style." While bullet marks were evident, no bullets penetrated the passenger compartment. However, the test seemed to focus only on the steel body panels, not the windows.
What’s the importance of this article? The article emphasizes Tesla's dedication to proving the Cybertruck's durability and safety claims. It showcases the company's confidence in the vehicle's protective features.
How could this affect me? If you're considering purchasing a Cybertruck or are intrigued by vehicle safety innovations, this article offers a glimpse into the Cybertruck's resilience.
Okta Faces Security Breach: Client Files Accessed by Hackers
Source: CNBC
Summary: Okta, a prominent cybersecurity firm, reported that hackers accessed its support system and viewed client files. This breach led to an 11.5% drop in Okta's shares. The company clarified that the breach did not impact its primary product offerings, which many major corporations use. The intrusion was facilitated using a stolen credential, but the main customer offerings remained secure. The breach only affected a support platform that Okta employs to assist its clients.
What’s the importance of this article? The article highlights the vulnerabilities even leading cybersecurity firms can face. A breach in a major player like Okta's system can have ripple effects on its clients.
How could this affect me? If you or your organization uses Okta's services, it's vital to be aware of such breaches. Monitoring security updates from service providers and taking necessary precautions is always a good practice.
Microsoft Offers 11 Remote Jobs Paying Over $100K
Source: Tech.co
Summary: Microsoft is currently hiring for nearly 500 positions that offer up to 100% remote work. Some of the highlighted roles include Director of Testing, Content Product Manager for Xbox Game Pass, Responsible AI Governance Program Leader, Cloud Solution Architect-AI Platform, and Security Operations and Incident Response Lead. The positions cater to various expertise areas, from AI and gaming to security and cloud solutions.
What’s the importance of this article? The article provides insights into Microsoft's current hiring trends, emphasizing the company's commitment to remote work and showcasing the diverse roles they are looking to fill.
How could this affect me? If you're in the tech industry and looking for remote job opportunities, especially with a tech giant like Microsoft, this article offers valuable information on current openings and the roles they're looking to fill.
Immediate Update Required for WinRAR Users
Source: Gizmodo
Summary: A critical vulnerability has been discovered in the popular file compression tool WinRAR. This flaw could potentially allow attackers to execute arbitrary code on a user's system when a specially crafted archive is unpacked. The vulnerability is present in versions of WinRAR released in the last 19 years, making a vast number of users susceptible. The company has released an update to patch this vulnerability and urges all users to update their software immediately.
What’s the importance of this article? The article underscores the significance of keeping software updated, especially widely used tools like WinRAR. A vulnerability in such a tool can expose countless users to potential cyberattacks.
How could this affect me? If you use WinRAR, you could be at risk. It's crucial to update the software to the latest version to protect your system from potential exploitation.
Cybersecurity General Tip of the Issue
Securing Your Cloud Storage: Best Practices Across Platforms
Summary: With the increasing reliance on cloud storage solutions such as iCloud, Google Drive, OneDrive, and various Linux-based solutions, it's essential to understand their security implications. Many users store sensitive data in the cloud without fully grasping the associated risks or the protective measures they can adopt.
Why is this important? As more personal and business data gets stored in the cloud, the potential impact of a security breach grows. Ensuring that this data is secure not only protects individual files but also personal and financial information that could be exploited if accessed by malicious actors.
How to Implement:
Understand the difference between client-side and server-side cloud storage encryption.
Set up strong authentication methods for accessing your cloud data.
Be vigilant and learn to recognize phishing attempts related to cloud storage.
Periodically review and, if necessary, revoke third-party app access to your cloud data.
Use a unique, strong password for your cloud storage, separate from other accounts.
Regularly back up cloud data to a secure offline source to prevent data loss.
The Apple Ecosystem
How to Use NameDrop in iOS 17 to Exchange Contacts by Tapping iPhones
Source: CNBC
Summary: Apple's iOS 17 introduces a feature called NameDrop, allowing users to share contacts by simply tapping their iPhones together. This feature, reminiscent of the Airdrop function, provides a seamless way to exchange contact information without the need for manual entry or scanning QR codes. To use NameDrop, both parties need to have iPhones with NFC capabilities and iOS 17 installed.
What’s the importance of this article? NameDrop is a testament to Apple's commitment to enhancing user experience by introducing intuitive features. It simplifies the process of contact sharing, making it faster and more efficient.
How could this affect me? If you're an iPhone user, this feature can streamline your contact-sharing process, especially in professional settings like networking events. Ensure you have iOS 17 to take advantage of this feature.
Is the iPhone 15 Pro Worth the Upgrade? How It Compares to Older iPhones
Source: CNET
Summary: The iPhone 15 Pro, Apple's latest flagship, boasts several enhancements over its predecessors. Key features include a brighter display, improved camera capabilities, and a more efficient A17 chip. However, when compared to the iPhone 14 Pro, the differences might not justify an upgrade for every user. The article provides a detailed comparison to help users decide.
What’s the importance of this article? With the constant release of new tech products, consumers often grapple with the decision to upgrade. This article offers a comprehensive comparison, aiding potential buyers in making informed choices.
How could this affect me? If you're considering upgrading to the iPhone 15 Pro or are curious about its features compared to older models, this article provides insights that can influence your purchasing decision.
Apple Investors Face $340 Billion Hole as Woes Mount
Source: LiveMint
Summary: Apple is currently facing a challenging period, with its market value dropping significantly. The company's struggles stem from various factors, including tepid sales in China, political tensions, and product issues. Despite its stock's high cost, Apple's growth is lagging, causing concern among investors. The company's shares have fallen, erasing over $320 billion in market value, yet it remains a significant player in the stock market. The upcoming fourth-quarter results are anticipated with caution as analysts predict a revenue decline.
What’s the importance of this article? This article highlights the financial challenges Apple is currently facing, impacting investors worldwide. It underscores the importance of market dynamics and external factors, such as international politics and product performance, in influencing a company's stock value. The situation serves as a reminder for investors to diversify their portfolios and stay informed about the companies they invest in.
How could this affect me? If you are an investor or potential investor in Apple, these developments could significantly impact your investment decisions and potential returns. The article suggests caution in making new investments in Apple under the current circumstances and encourages keeping abreast of the company's performance and market trends.
The Apple Ecosystem Security Tip of the Issue
Securing Your Cloud Storage: Best Practices Across Apple Platforms
Summary: Cloud storage has become an integral part of our digital lives, offering convenience and accessibility. However, with the increasing number of cyber threats, it's crucial to ensure that our data stored in the cloud is secure. Apple's ecosystem, including iOS, iPadOS, macOS, and watchOS, provides various tools and settings to enhance the security of your cloud storage.
Why is this important? Apple's ecosystem is renowned for its security features, but with the vast amount of personal and sensitive data we store in the cloud, taking extra precautions is essential. Ensuring that your cloud storage is secure protects you from potential data breaches, unauthorized access, and cyber threats.
How to Implement:
Two-Factor Authentication (2FA): Enable 2FA for your Apple ID. This adds an extra layer of security, ensuring that only you can access your account, even if someone knows your password.
Regularly Review iCloud Access: Go to Settings > [your name] > iCloud. Review the apps that have access to your iCloud data and remove any that you no longer use or trust.
Use Strong Passwords: Ensure that your Apple ID password is strong and unique. Consider using Apple's built-in password suggestions.
Backup Securely: Regularly backup your devices to iCloud. Ensure that iCloud Backup is encrypted to keep your data secure.
Stay Updated: Always update to the latest version of iOS, iPadOS, macOS, or watchOS. Apple frequently releases security patches and updates.
Limit Sharing: Be cautious when sharing iCloud links and ensure that shared albums or files are only accessible to trusted individuals.
By following these steps across Apple's platforms, you can ensure that your cloud storage is as secure as possible, safeguarding your data from potential threats.
Samsung & Android
Stealthy Android Malware Can Steal Your Money and Invade Your Privacy
Source: Fox News
Summary: A new Android malware, dubbed "TeaBot," is making rounds, targeting banking apps to steal money and personal data. The malware can also take over a victim's phone, sending messages or making calls without the user's knowledge. It primarily spreads through third-party app stores disguised as popular apps. Once installed, it can overlay fake screens on legitimate banking apps, tricking users into entering their credentials.
What’s the importance of this article? The emergence of "TeaBot" highlights the increasing sophistication of Android malware and the risks associated with downloading apps from unofficial sources.
How could this affect me? If you use Android devices and frequently download apps from third-party stores, you are at risk. The malware can access personal data, drain bank accounts, and take control of device functions.
SpyNote Android Malware Spreads Via Fake Volcano Eruption Alerts
Source: BleepingComputer
Summary: The Android 'SpyNote' malware has been observed in attacks targeting Italy using a fake 'IT-alert' public alert service. This service, operated by the Italian government, provides emergency alerts during disasters. The fake site warns of a possible volcano eruption, urging visitors to install an app. If downloaded on an Android device, the app installs the SpyNote malware, enabling a wide range of malicious actions.
What’s the importance of this article? The use of fake emergency alerts to spread malware is a concerning trend, showcasing the lengths cybercriminals will go to exploit public fears.
How could this affect me? If you're an Android user and tend to download apps without verifying their legitimacy, you could fall victim to such schemes, leading to data theft and device compromise.
WhatsApp Rolls Out Multiple Accounts Support on Android for All
Source: GSMArena
Summary: WhatsApp has introduced a feature allowing users to operate two different accounts on the same Android smartphone. This capability, which Telegram has offered for years, was previously available only to WhatsApp's beta users. To set up a second account, users need a second phone number and SIM card or a phone with multi-SIM or eSIM support.
What’s the importance of this article? This update from WhatsApp offers greater flexibility for users who manage multiple accounts, aligning its features with competitors like Telegram.
How could this affect me? If you have a need for multiple WhatsApp accounts, this feature simplifies the process, eliminating the need for multiple devices or third-party apps.
Samsung & Android Security Tip of the Issue
Securing Your Cloud Storage on Samsung & Android Devices
Summary: Cloud storage has become an integral part of our digital lives, especially on Android and Samsung devices. With platforms like Google Drive, Samsung Cloud, and other third-party cloud storage apps readily available, it's crucial to ensure that our data remains protected.
Why is this important? Android, being the most widely used mobile OS, is a prime target for cybercriminals. Samsung, with its vast user base, also faces similar threats. As we increasingly rely on cloud storage to backup photos, documents, and other personal data, the security of these platforms becomes paramount. An unprotected cloud can lead to data breaches, identity theft, and loss of personal and sensitive information.
How to Implement:
Use Strong Authentication: Ensure that you have a strong, unique password for your cloud storage. Activate two-factor authentication (2FA) if the service offers it.
Limit App Permissions: Regularly check which apps have permission to access your cloud storage. Revoke unnecessary permissions.
Encrypt Data: Use services that offer end-to-end encryption. For added security, consider encrypting data before uploading it.
Regularly Review Stored Data: Periodically review the data you have stored in the cloud. Delete unnecessary or sensitive files.
Log Out on Shared Devices: If accessing your cloud storage from a shared or public device, always log out after your session.
Software Updates: Always keep your Android OS, Samsung software, and cloud storage apps updated. These updates often contain security patches.
Be Wary of Phishing Attempts: Be cautious of emails or messages claiming to be from your cloud service provider. Always verify before clicking on any links or downloading attachments.
By following these steps, you can ensure that your cloud data remains secure on your Android and Samsung devices.
Microsoft & Windows
BitLocker Could Be Cutting the Performance of SSDs Almost in Half in Windows 11
Source: BetaNews
Summary: BitLocker, Microsoft's encryption tool, might be reducing the performance of SSDs by nearly 50% in Windows 11. Users have reported significant drops in SSD speeds when BitLocker is enabled. Microsoft has acknowledged the issue and is currently investigating the cause.
What’s the importance of this article? The article sheds light on a potential performance issue with BitLocker in the latest Windows 11. For users who rely on BitLocker for encryption, this could mean slower SSD speeds than expected.
How could this affect me? If you're using Windows 11 with BitLocker enabled, you might experience reduced SSD performance. It's advisable to keep an eye on updates from Microsoft addressing this issue.
Secret-Level Version of Microsoft 365 Rolls Out to Top Pentagon Offices
Source: Federal News Network
Summary: The Department of Defense (DoD) is set to deploy a secret-level version of Microsoft 365 to its top offices. This move is part of the Pentagon's broader effort to modernize its IT infrastructure. The new version will provide enhanced security features tailored to the needs of the defense department.
What’s the importance of this article? The deployment signifies the trust the DoD places in Microsoft's capabilities to secure sensitive information. It also underscores the tech giant's role in national security and defense IT modernization.
How could this affect me? While this rollout is specific to the Pentagon, it showcases Microsoft's capabilities in providing secure solutions for large organizations. Businesses and institutions might consider similar tailored solutions for their operations.
Windows Subsystem on Android Gets a Graphics Boost
Source: Windows Central
Summary: Microsoft has released an update for the Windows Subsystem on Android (WSA) that enhances the system's overall reliability and graphics. This update also introduces the ability to share .cer files with Android apps and incorporates Android 13 Platform updates. While the update might seem minor, it signifies Microsoft's ongoing support and development for WSA. For those unfamiliar with WSA, it allows users to run Android apps on Windows 11.
What’s the importance of this article? The article highlights Microsoft's commitment to integrating Android apps into the Windows 11 ecosystem. With the continuous updates and improvements to WSA, users can expect a more seamless experience when using Android apps on their Windows devices.
How could this affect me? If you use or plan to use Android apps on Windows 11, this update ensures better graphics and overall performance. It also provides more integration options, enhancing the overall user experience.
Microsoft & Windows Security Tip of the Issue
Securing Your Cloud Storage in Microsoft's Ecosystem
Summary: With the increasing reliance on cloud storage solutions, especially Microsoft's OneDrive and Azure, it's crucial to ensure that your data is protected. Microsoft offers a range of security features and best practices to safeguard your data stored in the cloud.
Why is this important? As cyber threats continue to evolve, the data you store in the cloud can be vulnerable to breaches, unauthorized access, and other security risks. Implementing best practices for securing your cloud storage ensures that your data remains confidential, maintains its integrity, and is available when you need it.
How to Implement:
Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of identification beyond just a password.
Regularly Review and Manage Shared Files: Ensure that you're only sharing files with trusted individuals and revoke access when it's no longer needed.
Use Strong, Unique Passwords: Avoid using easily guessable passwords and consider using a password manager.
Monitor Activity: Regularly check the activity log for any unusual or unauthorized activities.
Encrypt Sensitive Data: Before uploading to the cloud, encrypt sensitive files.
Stay Updated: Always keep your Microsoft software and apps updated to benefit from the latest security patches and features.
Backup Important Data: While cloud storage is reliable, always have a backup of crucial files in a separate location.
Educate & Train: If using Microsoft's cloud solutions in a business environment, ensure that employees are trained on security best practices.
Scams to Watch Out For
'It's Really Easy to Spoof a Phone Number': Phishing and Smishing Scams on the Rise
Source: YouTube
Summary: The video discusses the increasing prevalence of phishing and smishing scams. As technology, especially artificial intelligence, advances, scams are becoming harder to detect. Scammers are finding creative ways to steal information, including through text messages, a tactic known as "smishing." The video features an interview with Dave Hatter, a cybersecurity consultant, who emphasizes the importance of being skeptical and verifying any electronic communication. The US Postal Service has also acknowledged the rise of these phishing scams.
Key Takeaways:
Scams are becoming more sophisticated with the rise of technology and artificial intelligence.
"Smishing" is a form of scam where attackers send phishing messages via text.
It's easy to spoof a phone number, making these scams harder to detect.
Always verify electronic communications and be wary of unsolicited messages, especially those that ask for personal information or prompt you to click on links.
The US Postal Service is aware of phishing scams and advises customers to be cautious.
Thank You, Hard Targets!
Hard Targets,
As we wrap up this issue, I want to extend my heartfelt gratitude to each and every one of you for taking the time to read and engage with our content. Your support means the world to me, and it's what drives us to deliver the best insights and advice in the realm of cybersecurity.
I have a small request: If you found value in this issue, could you introduce our newsletter to a friend or family member? Your personal recommendation can make a world of difference. I'm counting on you to help us grow. With a larger community, we can bring even better content, exclusive insights, and special discounts on tech and security products and services.
Thank you once again for being a part of our journey. Let's continue to stand together, stay informed, and transform ourselves into the hardest targets out there!
Stay safe and vigilant,
Kingdom Dominion Security & Technology
Links
Kingdom Dominion Security
& Technology
Subscribe to Premium to read the rest.
Become a paying subscriber of Premium to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In.
A subscription gets you:
- • Exclusive Artwork Access: Get your hands on all the additional artwork that didn't make it to the main issue. A unique collection curated just for our premium members.
- • Behind-the-Scenes Insights: Understand the story behind each artwork. Discover the inspiration, the challenges, and the evolution of each piece.
- • Early Access to New Releases: Be the first to view our upcoming artwork even before it's released to the general public. A sneak peek into our creative world.
- • Special Discounts on Merchandise: Enjoy exclusive discounts on our merchandise, from prints to apparel. A token of appreciation for our premium members.
Reply