Monday, April 17, 2023

Welcome to Cyber Cafe Chats with Plumes! Today's Brew: USB Condoms and Zero Day Vulnerabilities aplenty!

Hello everyone!

It's your new favorite System Admin here with a few digestible updates on security vulnerabilities in things you care about; that's right, it's time for a new section:

Plumes' Cyber Cafe Chats

Now, you're probably wondering what my Cyber Cafe Chats are all about. Good question! Honestly, I'm still defining it, but it's essentially breaking down the complicated news of the world of Cybersecurity and more in an easy, digestible format that's best enjoyed with your favorite blends and a stellar vibe. So relax, get something warm to power through your Monday with, and let's chat.

Why do I keep hearing about "USB Condoms?"

If you've been watching the news lately, you've probably heard about "Juice Jacking" issues on the rise, but who would be stealing your precious Apple Juice? Well, it's not that different from your Grade School bully taking advantage of you, to be entirely honest. Just instead of something cool and delicious, it's your precious data or resources, which may or may not be more important to you. Personally, I prefer the white grape flavored profile data.

"Juice Jacking" refers to the practice in which malicious actors compromise a USB terminal, in this case the power terminals within coffee shops, airports, and other such public charging stations, to load malware onto your charging device. You see, your USB cable has two pairs of wires: one that handles power, and another that handles data; hackers use that data pair to install things like cryptominers, keyloggers, and sniffers to find out what all you have on your device, and in some cases, extract it to a store where they can access it later. There's no such thing as a free lunch, after all.

So, in order to protect yourself, you could get a USB Data Blocker such as the one linked, AKA a USB Condom. These specialized USB adapters have the data lines severed within them, and akin to their latex counterpart, block the flow of data from a potentially infected USB cord or hub to your system.

That said, you can also employ the tried and true method of carrying your own charging equipment. If you use your own charging brick and USB to plug into one of these public charging stations, NOTHING can get across the AC/DC powerline to infect your machine. Or, if you're so on the go that sitting at a public charging station won't work for your busy lifestyle, a portable power bank such as the one listed here may suit all your needs. With some power banks even being able to charge multiple devices at once multiple times, you may find yourself even forgetting the brick and USB at home and not missing it whatsoever.

iOS Webkit Compromises, Android Vulnerabilities, and Chrome Memory Exploitations, OH MY

Now, before I wrap up our first Cyber Cafe Chat, I would like to bring your attention to a series of Zero Day Vulnerabilities that have been announced as of this past week, and to ask the question: When is the last time you updated your device?

Zero Day Vulnerabilities, for those not in the know, are issues that were previously unknown to the provider and don't have a working fix yet; they've only been disclosed. Most of them receive patches that mitigate the damage, but until a fix is created and provided to the public, hackers can exploit users who don't keep their devices up to date, and just such a thing has happened in our mobile world. You see, a pair of zero-day vulnerabilities was recently discovered in the Apple devices listed below:

  • iPhone 8 and later,
  • iPad Pro (all models),
  • iPad Air 3rd generation and later,
  • iPad 5th generation and later,
  • iPad mini 5th generation and later,
  • and Macs running macOS Ventura.

These attacks start by sending would-be victims text messages or emails with links that lead to a compromised website, which then uses either Chrome or WebKit vulnerabilities based on the Operating System of the device. This vulnerability has already been patched out on Chrome as of October 2022, but has recently seen new life in the iOS sphere. That said, please take this opportunity to make sure your devices are up to date.

For iOS, that would be 16.4.1, released on April 7th, 2023, while for macOS, that would be 13.3.1, also released on the 7th.

For Android, that would either be the March or April Update for Android 13, depending on your model. Google Pixel phones have yet to receive the April update, for example.
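
If you look after more than a couple of devices, the version check above is easy to script. The following is an added example, not part of the original post: it flags devices below the iOS 16.4.1 and macOS 13.3.1 releases named above. The inventory rows, device names and function names are constructed for illustration, and Android is reported as "unknown" because its fix is tied to a monthly update rather than a single version number.

```python
# Added example: audit a device inventory against the patched OS versions
# named in this post. All inventory rows are constructed sample data.

# Minimum patched versions, taken from the post.
MIN_PATCHED = {
    "iOS": "16.4.1",
    "macOS": "13.3.1",
}

def parse_version(text):
    """Turn '16.4' into (16, 4, 0) so that 16.4 compares lower than 16.4.1."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory):
    """Return (name, status) pairs; status is 'ok', 'update' or 'unknown'."""
    results = []
    for name, platform, version in inventory:
        minimum = MIN_PATCHED.get(platform)
        try:
            if minimum is None:
                status = "unknown"   # platform has no single version in the post
            elif parse_version(version) >= parse_version(minimum):
                status = "ok"
            else:
                status = "update"
        except ValueError:
            status = "unknown"       # unparseable version string: check by hand
        results.append((name, status))
    return results

# Constructed sample inventory: (device name, platform, reported OS version)
SAMPLE_INVENTORY = [
    ("front-desk-iphone", "iOS", "16.4"),      # missing the .1 patch
    ("sales-ipad", "iOS", "16.4.1"),
    ("design-macbook", "macOS", "13.2.1"),
    ("lab-mac-mini", "macOS", "13.3.1"),
    ("old-ipad", "iOS", "16.10"),              # made-up version: 10 > 4 numerically
    ("warehouse-tablet", "Android", "13"),
    ("mystery-phone", "iOS", "beta"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY):
        print(f"{name:20} {status}")
```

Versions are compared as numbers rather than as text, so a plain string comparison mistake (treating "16.10" as older than "16.4.1") can't slip a device into the wrong bucket.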

Additionally, a new zero day vulnerability was discovered within Chrome's JavaScript engine, in which a threat actor could trigger browser crashes through memory exploitation as well as run arbitrary code on affected devices. While the main targets identified in the attack thus far are high-risk individuals like politicians, journalists and more, we can't be too cautious considering the clientele we work with, and the risk spyware would pose to our machines.

Google has recently released a patch to fix this issue, however, so I'd like to ask that you take a few minutes to update Chrome. Shouldn't take you more than a few minutes, so feel free to use that time to get some caffeine in you; you know your boy is about to do the same after writing all this out.

Of course, if you have any questions or concerns, please feel free to let me know!

It's honestly been an absolute pleasure writing this up for everyone, and I hope that you'll be able to use some of the information provided to protect yourself and others. And, if you liked this and want more easily digestible cyber information, I'd appreciate the follow! Still new to this whole blogging thing, so feel free to let me know how I can make this better for you as well! Until next time everyone...

I'll see you in the stars soon~!
