- Smart Intel Briefing
- Posts
- The Cybersecurity Crucible - Forging Hard Targets - 29 Sep 2023 | KD Sec & Tech Secure
The Cybersecurity Crucible - Forging Hard Targets - 29 Sep 2023 | KD Sec & Tech Secure
Unveiling the Latest Cyber Threats & Defenses
Introduction
Welcome Back to the Cybersecurity Crucible, Hard Targets!
Welcome to another edition of KD Sec & Tech's Cybersecurity Crucible, and a special shout-out to our loyal subscribers for your continuous support! We are thrilled to present semi-weekly releases every Monday and Friday, packed with crucial updates designed to keep you informed and protected in the dynamic field of cybersecurity.
In each issue, we not only bring you the latest in cybersecurity threats and tech breakthroughs but also highlight the most recent scams circulating online. Our goal is to empower you, our Hard Targets, with the knowledge and insights needed to stay ahead of the adversaries in the constantly changing digital environment.
This edition features a unique artwork that visually represents the intricate and ever-evolving landscape of cybersecurity. This artwork encapsulates the complexity and fluidity of the digital realm, serving as a reminder of the beauty and challenge embedded in our shared digital experience.
Subscribing and sharing our newsletter are small but powerful actions you can take to strengthen our community of Hard Targets. By doing so, you contribute to the dissemination of vital information that can help protect not just yourself but also your colleagues, friends, and family from the myriad of cyber threats lurking in the shadows of the internet. Remember, in the realm of cybersecurity, there is strength in numbers, and knowledge shared is power multiplied.
If you haven’t subscribed yet, consider doing so to receive timely and valuable insights that can fortify your defenses against cyber threats. Subscribe here.
Thank you for being part of our community, and for taking proactive steps towards creating a safer and more secure digital space for all. Together, let’s transform every Soft Target into a Hard Target! Stay sharp, stay updated, and here’s to building a resilient digital community together!
Cybersecurity Pop Quiz
Test Your Cybersecurity Knowledge With Our Quick Quiz: Are You a True Hard Target?
Question 1: What is the primary purpose of a ‘salting’ process in cryptography?
a) To add extra characters to a password before hashing it
b) To encrypt data transmitted over a network
c) To remove viruses from a computer system
d) To identify and block spam emails
Question 2: Which of the following is NOT a characteristic of a secure, strong password?
a) At least 12 characters long
b) Includes numbers, symbols, and both uppercase and lowercase letters
c) Contains easily guessable information, like your name or birthday
d) Doesn’t use words found in the dictionary
Question 3: What is the primary function of a firewall in a network?
a) To manage the network's bandwidth
b) To monitor and filter incoming and outgoing network traffic
c) To facilitate the transmission of emails
d) To store data securely
Answers:
a) To add extra characters to a password before hashing it
c) Contains easily guessable information, like your name or birthday
b) To monitor and filter incoming and outgoing network traffic
Cybersecurity News and Emerging Technology
Samsung Unveils LP CAMM: Up to 128GB of DDR5 in 60% Less Space
Source: Tom's Hardware
Summary: Samsung introduced LP CAMM, a technology that allows up to 128GB of DDR5 memory to fit into a space 60% smaller than conventional DIMMs. This innovation is crucial for applications requiring high-density memory, like data centers and edge computing devices.
What’s the importance of this article? The introduction of LP CAMM technology by Samsung marks a significant advancement in memory solutions, offering higher density with reduced physical space requirements. This is crucial for enhancing the efficiency and performance of data-intensive applications and services.
How could this affect me? For the average consumer, this technological advancement means that future devices and computers could potentially have more memory capacity without increasing in size, leading to more powerful and efficient personal and professional computing experiences.
Key Takeaways from POLITICO's 2023 AI & Tech Summit
Source: Politico
Summary: POLITICO's 2023 AI & Tech Summit brought together leaders in politics, business, and technology to discuss the future of AI and its implications. The summit covered various topics, including AI ethics, regulation, and the technology’s role in addressing societal challenges.
What’s the importance of this article? The summit provided insights into the current thinking and future plans regarding AI from various influential sectors. Understanding these perspectives is crucial for anticipating the direction of AI development and regulation, which will inevitably impact various aspects of society and the economy.
How could this affect me? The decisions and discussions from such summits often lead to policies and regulations that can affect the development and use of AI technologies, which may influence the availability, functionality, and legality of AI-based services and products that consumers use daily.
Meta AI Chatbots: Gen AI Personas for the Young
Source: The Verge
Summary: Meta introduces AI chatbots designed for younger users, providing an engaging and interactive experience. These chatbots, known as Gen AI, are designed to understand and mimic the communication style of younger generations, making technology more accessible and relatable to them.
What’s the importance of this article? The introduction of Gen AI showcases the continuous efforts to make AI more inclusive and accessible to all age groups. It represents a step towards creating technology that understands and engages with younger users in a way that is familiar and comfortable for them.
How could this affect me? For parents and educators, Gen AI offers a tool that can engage children in a manner that is intuitive for them, potentially serving as an educational and entertainment resource. It also raises considerations for the responsible and ethical use of AI with younger audiences.
A New Kind of Chip Paves the Way for Quantum Technology
Source: Phys.org
Summary: Researchers have developed a new type of chip that significantly advances quantum technology. This chip is capable of handling and storing quantum information, paving the way for more practical and accessible quantum computing and communication systems in the future.
What’s the importance of this article? The development of this new chip is a significant milestone in making quantum technology more practical and accessible. It brings society a step closer to realizing the potential of quantum computing, which promises to revolutionize various fields by solving complex problems that are currently intractable for classical computers.
How could this affect me? The advancement in quantum technology signified by this new chip will likely lead to the development of more powerful and efficient computing and communication systems in the future, impacting various aspects of daily life, from healthcare and finance to communication and entertainment.
Cybersecurity General Tip of the Issue
Safeguarding Against Malicious Links
Summary: Safely testing links is vital for protection against malicious content. This involves using link scanners, checking URL reputations, unshortening URLs, using virtual environments, installing security software, manual inspection, and SSL verification. For reader communication, transparency, education, and trust-building are crucial, and for signup links, using trusted platforms while displaying clear links is advised.
Why is this important? With the prevalence of cyber threats, ensuring the safety of links is crucial to prevent falling victim to scams, phishing, or malware infections. Safe link practices protect both you and your readers from potential online security threats, fostering a secure digital environment.
How to Implement:
Utilize Link Scanners: Employ tools like VirusTotal, Norton Safe Web, or Google’s Safe Browsing to scan URLs.
Assess URL Reputation: Use services like Web of Trust (WOT) for insights on a URL’s reputation.
Unshorten URLs: Tools like GetLinkInfo or CheckShortURL can reveal shortened URLs' actual destinations.
Employ Virtual Environments: Use virtual machines or sandbox environments for safe link exploration.
Install Security Software: Maintain updated antivirus and anti-malware tools for added protection.
Inspect URLs Manually: Closely examine URLs for authenticity, watching for misspellings or unusual characters.
Verify SSL: Ensure URLs begin with "https://" and check for the padlock symbol in the browser.
Practice Transparent Communication: Indicate link destinations, educate readers on safe link practices, and build trust through consistent value provision.
Use Trusted Signup Platforms: Opt for reputable signup services and display clear, unshortened links in communications.
The Apple Ecosystem
macOS Sonoma 61 Security Fixes
Source: 9to5Mac
Summary: The recent macOS Sonoma update introduces 61 crucial security fixes aimed at enhancing the operating system's security. While the article does not delve into the specifics of each fix, it underscores the significance of these updates in providing users with a secure computing environment. For detailed descriptions of each security fix, users are advised to consult Apple's official security updates page.
Exploitation: The vulnerabilities could allow malicious actors to execute arbitrary code, gain elevated privileges, or cause denial of service.
Mitigation: Users are advised to update to macOS Sonoma 6.1 to protect their systems from these vulnerabilities.
Apple macOS Sonoma 14 Now Available with New Features
Source: The Verge
Summary: Apple has released macOS Sonoma 14, introducing new features like desktop widgets and a game mode. These features aim to enhance user experience and system performance.
What’s the importance of this article? The release of macOS Sonoma 14 is significant for users looking to utilize the latest features and improvements offered by Apple. The introduction of desktop widgets and game mode provides users with more functionality and customization options for their devices.
How could this affect me? If you are a macOS user, the new update provides you with tools that can improve your daily operations and overall experience with the system. Updating to macOS Sonoma 14 allows you to take advantage of these new features.
No iOS 17 Update on Your iPhone? Here's Why
Source: CNET
Summary: Apple's iOS 17 is not available for iPhone models from 2017 or earlier. The unsupported models include the iPhone 8, iPhone 8 Plus, and iPhone X. Although these older iPhones won't receive new features available in iOS 17, they will continue to function and receive security updates for iOS 16.
What’s the importance of this article? The article informs users about the compatibility of iOS 17 with various iPhone models. It is crucial for users with older iPhone models to understand that they won't be able to access the features of iOS 17 unless they upgrade to a supported device.
How could this affect me? If you own an iPhone model that is not compatible with iOS 17, you won't be able to experience the new features and improvements introduced with this update. However, your device will still be functional and secure with the continued support and security updates for iOS 16.
iOS 17.1 Beta 1 Released with New Features
Source: Macworld
Summary: iOS 17.1 beta 1 has been released to developers, bringing new features and updates. This release includes collaborative playlists in Apple Music, the new Journal app, PDF form autofill, NameDrop to Apple Watch, and more. The update also promises interface tweaks and minor unannounced features.
What’s the importance of this article? The release of iOS 17.1 beta 1 is significant as it introduces new features and updates that were anticipated after the release of iOS 17. For developers and avid Apple users, this release provides an opportunity to explore and understand the new functionalities and improvements made to the iOS.
How could this affect me? If you are an iOS user or developer, this update could enhance your user experience by providing new features and improvements. It’s crucial to understand these changes to utilize iOS effectively and efficiently.
The Apple Ecosystem Security Tip of the Issue
Safely Testing Links on Apple Devices
Summary: Safely testing links is crucial for protecting your Apple devices from malicious content. Implementing safe practices when clicking on links will safeguard your information and device integrity across iOS, iPadOS, macOS, and watchOS platforms.
Why is this important? With the prevalence of phishing attacks and malicious links, ensuring link safety is paramount. Apple users often store sensitive information on their devices, making security a top priority to prevent unauthorized access and data breaches.
How to Implement:
Use a Link Scanner: Tools like VirusTotal are accessible via web browsers on all Apple devices. Simply paste the link into the search bar to scan it against databases of known dangerous websites.
Check URL’s Reputation: Web of Trust (WOT) is available as a browser extension for Safari, providing reputation ratings for URLs based on user feedback and historical behavior.
Use a URL Unshortener: On Apple devices, you can use online tools like GetLinkInfo or CheckShortURL to reveal the actual link behind shortened URLs.
Use a Virtual Machine or Sandbox on macOS: Consider using a virtual machine or a sandbox environment when testing links on macOS. Tools like Oracle VM VirtualBox offer virtual machines, while Sandboxie can create sandbox environments.
Install Security Software: Ensure your Apple devices have updated security software. macOS users can consider antivirus and anti-malware applications, while iOS and iPadOS users should keep their devices updated with the latest security patches.
Manual Inspection: Carefully inspect URLs. If a link claims to be from Apple or another reputable service, compare it with the official website’s URL.
SSL Verification: Always check that the link starts with "https://" and look for the padlock symbol in the browser's address bar.
By following these steps, you can confidently test and interact with links, knowing that you’re taking significant measures to protect your Apple devices from potential threats.
Samsung & Android
Google Assigns New Maximum Rated CVE to libwebp Bug Exploited in Attacks
Source: BleepingComputer
Summary: Google has assigned a new CVE ID, CVE-2023-5129, to a critical libwebp security vulnerability that was exploited as a zero-day in attacks. Initially disclosed as a Chrome weakness, the vulnerability resides within the Huffman coding algorithm used by libwebp for lossless compression. It allows attackers to execute out-of-bounds memory writes using maliciously crafted HTML pages, leading to various severe consequences, including crashes, arbitrary code execution, and unauthorized access to sensitive information.
What’s the importance of this article? The reclassification of CVE-2023-5129 as a libwebp vulnerability is crucial as it was initially unnoticed as a security threat for various projects using libwebp, including 1Password, Signal, Safari, Mozilla Firefox, Microsoft Edge, Opera, and native Android web browsers. The revised critical rating emphasizes the importance of addressing this security vulnerability promptly across different platforms to ensure users' data security.
How could this affect me? If you are using any of the affected platforms or applications, your data could be at risk due to this critical vulnerability. It’s essential to update your applications and browsers to the latest versions that have patched this vulnerability to protect your data from unauthorized access and potential exploitation.
Galaxy S23 Series Gets Fourth Android 14 One UI 6.0 Beta
Source: SamMobile
Summary: Samsung has released the fourth One UI 6 beta update for the Galaxy S23 series, which includes the Galaxy S23, S23+, and S23 Ultra. This update, with a firmware version ending in ZWIC, is initially available in the USA and is expected to be released in other markets soon. The update is approximately 1GB in size and includes the October 2023 security patch, bug fixes, and various improvements. Some known issues still need to be addressed in future updates.
What’s the importance of this article? The release of the fourth One UI 6 beta update for the Galaxy S23 series is significant as it brings further improvements and fixes to the devices, enhancing the user experience. For users participating in the beta program, this update provides an opportunity to test and provide feedback on the new features and improvements introduced with Android 14 and One UI 6.0.
How could this affect me? If you own a Galaxy S23 series device and are participating in the beta program, this update will be crucial for you. It not only provides security patches but also introduces improvements and fixes that enhance the device's performance and user experience. Staying updated with these beta releases allows you to utilize the latest features and improvements while also providing valuable feedback to Samsung for the final release.
Samsung & Android Security Tip of the Issue
Safeguarding Links on Android Devices
Summary: Implementing safe link practices is crucial on Android devices to protect against malicious content. Android users can utilize various tools and practices to ensure the links they click are safe.
Why is this important? Android devices are commonly targeted due to their widespread use. Ensuring link safety helps protect your personal information from phishing attacks and your device from malware.
How to Implement:
Use Link Scanners: Apps like VirusTotal can scan links for safety. Simply paste the link into the app, and it will check it against known dangerous websites.
URL Reputation: Apps like Web of Trust (WOT) provide ratings on the reputation of a URL based on user ratings and a website's historical behavior.
URL Unshortener: For shortened links, use apps like GetLinkInfo to reveal the actual link.
Virtual Machine or Sandbox: Consider using a sandbox environment app to isolate the link from your main system.
Security Software: Install updated antivirus and anti-malware apps for an additional layer of protection.
Manual Inspection: Closely inspect URLs. Be wary of misspellings, extra characters, or anything unusual.
SSL Verification: Ensure the link starts with "https://" and check for a padlock symbol next to the URL on your browser.
For links in emails or messages, be especially cautious. If you're uncertain, verify the sender's identity and use the above tools to check the link's safety before clicking.
Microsoft & Windows
Windows 11 22H2 Adds Built-In Passkey Manager for Windows Hello
Source: BleepingComputer
Summary: The recent Windows 11 update introduces a passkeys management dashboard, a feature designed to facilitate passwordless user experiences, enhancing security. Passkeys, device-specific, offer strong protection against phishing attacks, unauthorized access, and credential theft. They are considered more secure than traditional passwords as they eliminate the need for memorization. This update is a part of Microsoft's initiative to counteract the significant increase in phishing attacks, with the company enabling passkey generation through Windows Hello. Users can now sign in using facial recognition, PINs, or fingerprints, with the option of using Bluetooth-paired devices for the process. The passkeys management dashboard can be accessed in the Settings app under Accounts > Passkeys.
What’s the importance of this article? The introduction of a passkeys management dashboard in Windows 11 marks a significant step towards enhancing user security. With phishing attacks on the rise, this feature provides users with a robust defense mechanism, making it harder for attackers to exploit stolen passwords.
How could this affect me? For Windows 11 users, this update means a more secure and convenient sign-in process. The passkeys feature not only offers enhanced security but also simplifies the login process, eliminating the need to remember passwords for various accounts, streamlining your workflow, and making tasks quicker and more efficient.
New Security Features in Windows 11 Protect Users and Empower IT Teams
Source: Microsoft Security Blog
Summary: The article discusses the enhanced security features introduced in Windows 11, designed to offer stronger protections and simplify security from the chip to the cloud. Innovations include secured-core PCs, the Microsoft Pluton Security Processor, multifactor authentication, and additional layers of application and data protection. Windows 11 also incorporates memory-safe languages like Rust to fortify traditional attack targets. Since the activation of new hardware and software features, organizations have reported a significant reduction in security incidents and firmware attacks.
What’s the importance of this article? The article is crucial as it informs users and IT professionals about the advanced security features embedded in Windows 11, providing insights into the system's enhanced resilience against sophisticated cyber attacks. It highlights the importance of security in the evolving digital landscape, emphasizing the need for robust protections to safeguard sensitive data and prevent security breaches.
How could this affect me? For individual users and organizations, the security features in Windows 11 offer a fortified defense mechanism against malware and cyber-attacks, ensuring a safer and more secure user experience. The introduction of features like passkeys and Windows Hello provides users with secure and convenient authentication options, reducing the reliance on passwords and minimizing the risks associated with password-related breaches.
Microsoft releases new free Windows 11 virtual machines with the September 2023 update
Source: Neowin
Summary: Microsoft releases new free virtual machines (VMs) named "Windows Development Environment" every month. These VMs, equipped with various developer tools, facilitate app development for Windows. They are available in four versions: VMware, Hyper-V, VirtualBox, and Parallels Desktop (macOS), free for 90 days. After this period, users need to download an updated version. These VMs cannot be activated with a license key for long-term use and require at least 70GB of free space and 8GB of RAM on your PC. The latest VM, version 2309, is based on Windows 11 build 22621.2283 and includes the September 2023 Patch Tuesday updates.
What’s the importance of this article? The article is significant as it informs developers and other users about the availability of new free VMs from Microsoft, which are essential tools for app development and testing on Windows. These VMs provide an easy way to explore the latest features of Windows 11.
How could this affect me? For developers and tech enthusiasts, these VMs offer a convenient and cost-effective way to develop and test applications for Windows. Regular users can also use these VMs to familiarize themselves with the newest features and updates of Windows 11 without having to install the operating system on their computers.
Microsoft & Windows Security Tip of the Issue
Regularly Update Your Windows Operating System
Summary: Keeping your Windows operating system updated is crucial for security. Microsoft regularly releases updates that fix bugs and security vulnerabilities, improving the overall stability and security of your system.
Why is this important? Regular updates protect your computer from malicious attacks and security threats. They patch vulnerabilities that could be exploited by hackers and provide enhancements to the functionality and performance of your operating system.
How to Implement:
Open the Windows Settings app.
Navigate to Update & Security.
Under the Windows Update tab, click on Check for updates.
If updates are available, Windows will download and install them automatically. You may need to restart your computer to complete the installation process.
For added security, turn on automatic updates to ensure that your system is always up to date.
Scams to Watch Out For
AI-Aided Cyber Scams
Source: Techish
Summary: Jennifer Jolly, a consumer tech life columnist, discusses the rise of AI-aided cyber scams and how individuals can protect themselves. With AI, scammers and hackers have become more sophisticated, launching various scams, including phishing (and smishing), fake delivery notifications, and bogus security alerts, through emails, text messages, phone calls, and social media. These scams often create a sense of urgency to trick individuals into revealing personal information or clicking on malicious links.
Key Takeaways:
AI is being used to boost various scams, making them more sophisticated and harder to recognize.
Americans are targeted with an average of 12 scams daily, with phishing and smishing being prevalent.
Scams often create a sense of urgency, tricking individuals into revealing personal information or engaging with malicious links.
McAfee has launched AI Scam Protection, a tool designed to scan, analyze, and block or warn users about malicious links in real time. The tool is free for a week, then available at thirty dollars a year or three dollars a month.
It is essential to have software protection across all devices, including Apple products, as everyone is vulnerable to these scams.
Thank You, Hard Targets!
Thank you dearly for taking the time to read this issue of KD Sec & Tech's cybersecurity digest. Your consistent support is immensely appreciated, and it's heartening to see our community of vigilant Hard Targets grow and strengthen with each edition.
Your engagement and feedback fuel our commitment to delivering content that is not only timely and relevant but also invaluable in navigating the complex cybersecurity landscape. As Hard Targets, your proactive approach to cybersecurity is commendable, and your readiness to stay informed and protected is what makes our community resilient and unyielding to cyber threats.
As we continue to work towards creating a secure digital environment, we kindly ask you to share the wealth of knowledge found in our digest with friends and family. Encourage someone you care about to subscribe before our next issue rolls out. In doing so, you extend the shield of protection that comes with being a Hard Target, contributing to the safety and security of your loved ones in the digital space.
Once again, thank you for standing strong with us. Let's continue to fortify our defenses, share knowledge, and transform every individual into a Hard Target that is well-prepared and unyielding to the cyber challenges of our time. Your support is invaluable, and together, we can make a significant impact in the world of cybersecurity.
Reply