The Kavalan Newsletter

Cyber security and cyber hygiene spoken simple

(This newsletter contains links to external websites. Please review their terms of use and privacy policies before using those websites.)

July 2023 Edition

EXECUTIVE SUMMARY: In this hot July edition, we introduce our newest, completely non-existent and totally fictional cyber reporter - Maureen The Clean. Maureen likes to ensure that her home, her office and her internet are all sparkling clean. Maureen tells us why she has a low tolerance for the Great Cannon of China and the Low Orbit Ion Cannon. We also hear from the desk (still located in his mom's basement) of Jake The Pedantic who seriously thinks that excerpts from his report on why patches are important can be also used as pick up lines with women. Samuel The Harangued, our favorite family IT guy, has a thousand words to share - well, er ... his thoughts are more about those pictures (get it???) that we share on social media.
Follow us on Social Media

Know Your Cyber Threats


Maureen The Clean

Botnet Attacks

A botnet attack is one where a hacker compromises one or more of your devices, takes control and uses the devices for their nefarious purposes such as attacking companies and governments and making it look like the attack came from your device. In 2016, baby monitors, cameras and home routers were taken over by hackers to bring down a large portion of the internet. Freely available attack tools help hackers create new botnets easily. There are lots of botnet attack tools including the popular Great Cannon of China and the Low Orbit Ion Cannon, both of which are designed to create botnets that cripple internet servers with high volumes of traffic.


What do Botnets Target?

Poorly secured home internet connected devices such as smart TVs, home routers, security cameras are all prime targets. Devices that also have unpatched vulnerabilities in them are also prime targets.

How to Protect Yourself?

Don't make it easy for hackers. Here are three things you can do:
  • Change the default password on all internet connected devices and make them strong passwords.
  • Make sure to update all devices to the latest patches. Enable automatic updates, if possible.
  • Consider using a whole home cybersecurity protection solution like Kavalan. Botnets need to talk to their command and control (C2) servers. Kavalan blocks communications with known C2 servers.

Here Comes Patch


Jake The Pendantic

Band-Aid After the Injury. Patches Before the Injury

Install your patches people! Install them when they are released. Install them automatically! Software is everywhere - in our laptops, smart phones, smart TVs and even our wearable devices such as pacemakers. Where there is software, there are vulnerabilities. Where there are vulnerabilities, there is an opportunity for bad guys to take advantage. This could be a life or death situation!

  • CARDIAC PACEMAKERS CAN BE ATTACKED: The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Medtronic Pacemakers that can be made to execute remote code. The good news is that Medtronic identified the problem and issued a patch.

  • ZERO DAY VULNERABILITIES: A zero day is a vulnerability in an app or device that even the manufacturer was not aware of but hackers identified and exploited.  Apple issued a patch to resolve a new zero day that was identified on their devices. Always stay tuned to updates from vendors of your apps and devices.


Aaargghh! with Samuel the Harangued

Those Photos That Talk

Pictures sure do speak a thousand words. A simple digital photo can reveal your exact location (which could be your home address), the date and time the picture was taken, the exact kind of device it was taken on and who were the people with you (including any strangers). With outdoor photos that have shadows in them, it is possible to figure out exact location with just date and time using tools like SunCalc. This information is embedded in what is called EXIF data within photos. Even digitally altered photos might still have the original photo thumbnail in them. Read about EXIF data and learn how to remove the data before sharing your photos.


Threats and Breaches

Two apps on the Google Play Store, File Recovery & Data Recovery and File Manager, both of which have more than 1.5 million downloads have been found to be sending data to servers in China. Apps have been reported to Google but still not taken down.

Apps Sending Data To China

Dark Patterns are used to manipulate us online by companies and hackers. Get familiar with 5 common types of dark patterns and protect yourself. Based on where you live, Dark Patterns may also be illegal. Know your rights!

How Dark Patterns Manipulate Us

The US is on track for a record number of cyber breaches this year with over 1393 reported breaches. Most breaches go unreported. Healthcare and financial services companies breached the most in both Q1 and Q2 2023.

Hidden cyber threats
Historic Number of Breaches in 2023