Cybersecurity Digest - Making Hard Targets - 08Sep2023 | KD Sec & Tech

Navigating the Digital Landscape: Vulnerabilities, Breakthroughs, and Scams to Watch Out For

Introduction

Hello, Hard Targets!

Welcome back to another edition of our cybersecurity digest, presented by KD Sec & Tech. As the digital landscape continuously evolves, so do the threats that lurk within it. These threats are relentless, adapting, and evolving, always seeking new ways to exploit vulnerabilities. This issue provides a comprehensive overview of the latest vulnerabilities affecting our most-used platforms, groundbreaking advancements in cybersecurity, and a spotlight on the newest scams that have been deceiving users globally.

Why is this edition essential for every Hard Target out there? In today's digital age, cyber threats aren't just about a compromised password or a breached account. They have far-reaching implications, affecting everything from our personal information to our financial well-being. Being informed is your strongest shield against these threats, and our mission is to arm you with this knowledge.

However, it's crucial to remember that cybersecurity isn't a solo endeavor. It's a collective responsibility. The more informed each of us is, the more fortified our entire digital community becomes. If you find this digest insightful, we urge you to subscribe and share it with your friends, family, and colleagues. Together, we can foster a digital community that's not just interconnected but also safeguarded.

Stay vigilant, stay informed, and always be a Hard Target!

Don't forget to click on that subscribe button and spread the word. By sharing knowledge, we can collectively ensure a safer digital realm for everyone.

Content Summary

Cybersecurity News and Emerging Technology

  • The US Government is Investigating China’s Breakthrough Smartphone

  • How to Stop Your Android Phone From Listening to You

  • The Rise of Quantum Computing and Its Implications for Cybersecurity

Platform-Specific Vulnerabilities and Pertinent News

iOS

  • Apple Wallet BG Add-On for the Kfd Exploit is a No-Jailbreak Apple Pay Card Customizer

Android

  • Android Malware Warning Issued For 10 Million Play Store Users

  • Android's March 2023 Security Update Patches Critical Bluetooth Vulnerability

macOS

  • Apple Seeds Third Betas of iOS 16.7 and iPadOS 16.7 to Developers

  • Apple Patches “Clickless” 0-Day Image Processing Vulnerability in iOS, macOS

Windows 10

  • Windows 10 August 2023 Update Issues and Improvements

Windows 11

  • Windows 11's New Feature Could Be a Security Nightmare

  • Microsoft to Stop Forcing Windows 11 Users into Edge in EU Countries

Scams to Watch Out For

  • BEWARE OF THIS NEW APPLE PAY SCAM

Cybersecurity News and Emerging Technology

The US Government is Investigating China’s Breakthrough Smartphone

Source: AOL Staff

Summary: The United States government is seeking more information about the Huawei Mate 60 Pro, a Chinese smartphone powered by an advanced chip. The new flagship device, which reportedly includes a new 5G Kirin 9000s processor developed specifically for Chinese manufacturer Huawei, recently shocked industry experts who didn’t understand how the company would have the technology to make such a chip following sweeping efforts by the United States to restrict China’s access to foreign chip technology.

Everyday Application: This article sheds light on the rapid advancements in technology and the geopolitical implications of such developments. It's a reminder of the intertwined nature of technology and global politics.

Action: Stay informed about the origin and capabilities of the devices you use. Understand the broader implications of technological advancements and how they might affect global relations.

How to Stop Your Android Phone From Listening to You

Source: Tom's Guide

Summary: The age of virtual assistants has made it easier than ever to look up information, navigate your schedule, get recommendations for shows and restaurants, or find whatever your heart desires. Google Assistant has a bunch of handy commands for everything from testing your trivia knowledge to getting the most out of the best Google Home-compatible devices in a smart home system.

Everyday Application: With the rise of virtual assistants, privacy concerns have also increased. This article provides insights into ensuring your Android phone respects your privacy.

Action: Review the settings on your Android device, especially those related to Google Assistant, to ensure you have the desired level of privacy.

The Rise of Quantum Computing and Its Implications for Cybersecurity

Source: TechCrunch

Summary: Quantum computing, once a theoretical concept, is now becoming a reality. Leading tech companies are investing heavily in quantum research, aiming to harness its unparalleled processing power. However, this new frontier also poses significant threats to cybersecurity. Traditional encryption methods may become obsolete, as quantum computers have the potential to decrypt data that would take classical computers millennia to crack.

Everyday Application: The evolution of quantum computing is a testament to technological advancement. But as we embrace its benefits, we must also be prepared for the challenges it brings, especially in the realm of cybersecurity.

Action: Stay updated on the latest in quantum computing and consider its implications for personal and organizational cybersecurity. As the technology matures, it will be crucial to adopt quantum-resistant encryption methods.

Platform-Specific Vulnerabilities and Pertinent News

iOS

Apple Wallet BG Add-On for the Kfd Exploit is a No-Jailbreak Apple Pay Card Customizer

Source: iDownloadBlog.com

Summary: One of the intriguing features available with the MacDirtyCow and kfd exploits for iOS & iPadOS 15.0-16.1.2 and 16.0-16.6 beta 1 respectively is the ability to use add-ons that allow users to customize the designs of cards in the native Apple Wallet app. A recent add-on named Apple Wallet BG by iOS developer Hùng Anhh offers a unique take on this experience.

Everyday Application: For those who frequently use the Apple Wallet app, this add-on provides an opportunity to personalize the look of their cards, making the user experience more tailored and visually appealing.

Action: If you're interested in customizing your Apple Wallet cards and are running the mentioned iOS versions, consider exploring the Apple Wallet BG add-on. However, always ensure you're downloading from trusted sources to maintain the security of your device.

Android

Android Malware Warning Issued For 10 Million Play Store Users

Source: Forbes

Summary: A new Android malware threat has been identified, impacting 10 million Google Play Store users. This malware, dubbed "Xenomorph," is hidden inside seemingly legitimate applications and can bypass Google's security checks. Once installed, it can access sensitive data, display malicious ads, and even subscribe users to premium services without their knowledge.

Exploitation: The malware is hidden inside legitimate-looking apps on the Play Store. Once a user downloads and installs such an app, the malware activates and starts its malicious activities.

Mitigation: Users are advised to regularly update their devices, avoid downloading apps from unknown sources, and use reliable security solutions. It's also recommended to check app permissions and uninstall any suspicious apps immediately.

Android's March 2023 Security Update Patches Critical Bluetooth Vulnerability

Source: Android Central

Summary: The March 2023 security update for Android has addressed a critical Bluetooth vulnerability that could allow remote attackers to execute arbitrary code on vulnerable devices. This flaw, tracked as CVE-2023-0503, affects devices running Android 9 Pie and later.

Exploitation: Attackers can exploit this vulnerability by sending specially crafted Bluetooth packets to a target device, leading to code execution without any user interaction.

Mitigation: Android users are urged to update their devices to the latest security patch as soon as it becomes available. Turning off Bluetooth when not in use and only pairing with known devices can also reduce the risk.

macOS

Apple Seeds Third Betas of iOS 16.7 and iPadOS 16.7 to Developers

Source: MacRumors

Summary: Apple today seeded the third betas of upcoming iOS 16.7 and iPadOS 16.7 updates to developers for testing purposes, with the new software coming two weeks after Apple released the second betas of iOS 16.7 and iPadOS 16.7.

Everyday Application: This update signifies Apple's continuous efforts to refine and improve its operating systems for both iPhone and iPad devices. Regular updates are crucial for maintaining device performance and security and for introducing new features.

Action: If you're a developer, consider downloading the latest beta to test and provide feedback. Regular users should keep an eye out for the public release to ensure their devices are up-to-date.

Apple Patches “Clickless” 0-Day Image Processing Vulnerability in iOS, macOS

Source: NewsBreak

Summary: Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms.

Exploitation: Attackers can exploit this vulnerability by sending a maliciously crafted image or attachment to a target device, leading to malware installation without any user interaction.

Mitigation: Users are advised to update their macOS devices to the latest version (macOS 13.5.2) to patch this vulnerability. Regularly updating your devices ensures that you are protected from known security flaws.

Windows 10

Windows 10 August 2023 Update Issues and Improvements

Source: NewsBreak

Summary: The Windows 10 August 2023 cumulative update has been released, addressing 87 security flaws, including three that can be remotely executed. This update patches 12 spoofing vulnerabilities, 8 Denial of Service vulnerabilities, and 18 Elevation of Privilege vulnerabilities. These vulnerabilities can be exploited to take control of a device or connected network. Additionally, three security feature bypass issues have been fixed. Some users have reported installation problems, with computers hanging mid-operation and getting stuck during reboot.

Exploitation: Attackers can exploit these vulnerabilities to take control of a device or connected network. Some of the vulnerabilities allow for remote execution, while others can lead to denial of service or elevation of privilege attacks.

Mitigation: Users are advised to install the August 2023 cumulative updates as soon as they become available. Regularly updating the operating system and downloading and installing updates only from trusted sources can help mitigate these vulnerabilities.

Windows 11

Windows 11's New Feature Could Be a Security Nightmare

Source: TechRadar

Summary: Windows 11 has introduced a new feature that allows users to run Android apps. However, this integration could pose a security risk. The feature relies on Amazon's App Store, and while many popular apps are available, there are concerns about the security of lesser-known apps. These apps might not have undergone rigorous security checks, potentially exposing users to malware or other security threats.

Everyday Application: The integration of Android apps into Windows 11 offers users a broader range of applications to use. However, it's essential to be aware of potential security risks.

Action: Be cautious when downloading Android apps on Windows 11. Stick to well-known and trusted apps and ensure you have a reliable security solution in place.

Microsoft to Stop Forcing Windows 11 Users into Edge in EU Countries

Source: The Verge

Summary: Microsoft has decided to halt the practice of forcing Windows 11 users in Europe to use the Edge browser when they click on a link from the Windows Widgets panel or from search results. This change, currently being tested in recent builds of Windows 11, is limited to countries within the European Economic Area (EEA). The decision comes amidst scrutiny from the EU regarding Microsoft's practices, especially concerning the bundling of its Teams software with the Office productivity suite.

Everyday Application: This change signifies Microsoft's move towards offering more choice to its users, especially in the European region. It also highlights the influence of regulatory bodies in shaping tech companies' decisions and practices.

Action: Windows 11 users in the EU should expect more flexibility in their choice of default browsers, especially when accessing links from system-level components like the Windows Widgets panel and search results.

Scams to Watch Out For

BEWARE OF THIS NEW APPLE PAY SCAM

Video Source: YouTube - Jack Alderman

Summary: An Apple Pay scam is when someone steals your credit card details, like your credit card number, and uses them to make fraudulent purchases. Apple Pay scams are becoming increasingly common, so it's essential to be aware of possible scam scenarios and how to avoid them.

Key Takeaways:

  • Don't send money for things you haven't received.

  • Avoid sending money in exchange for a check.

  • Be cautious about facilitating money transfers for strangers.

  • Businesses and government agencies won't request payment via Apple Cash.

  • If contacted by someone claiming to be from a company or government agency, verify their identity by calling the official support number.

  • Apple will never request payment via Apple Cash or ask for your Apple ID password, verification codes, device passcode, recovery key, or any account security details.

  • Beware of scammers posing as Apple Support or other tech support.

Thank You, Hard Targets!

Your commitment to navigating the intricate world of cybersecurity with us is truly commendable. In this rapidly changing digital landscape, staying informed is our collective strength, and knowledge remains our best defense.

A special acknowledgment to ChatGPT, our AI assistant, for assisting with the formatting and presentation of this digest.

If our insights resonate with you, I wholeheartedly invite you to immerse yourself in our upcoming editions. And for those who haven't taken the plunge yet, consider subscribing here: https://secntechsecure.beehiiv.com/subscribe

To our devoted readers and those just beginning their journey with our digest, remember that sharing this knowledge can create ripples of awareness. Spread the word to friends, family, and peers, amplifying our collective digital consciousness.

Stay updated with our freshest content and revisit past issues at: https://secntechsecure.beehiiv.com/

For a deeper dive into the world of cybersecurity, explore our official website: kdsecntech.com

Your trust and commitment mean the world to us. Together, let's pave the way for a more enlightened and secure digital tomorrow!

Kingdom Dominion Security & Technology
