The Kavalan Cyber Safety Newsletter

Cyber security and cyber hygiene spoken simple

(This newsletter contains links to external websites. Please review their terms of use and privacy policies before using those websites.)

January 2024 - The New Year Edition

EXECUTIVE SUMMARY: Welcome to the New Year edition of our newsletter! In this edition, Maureen The Clean has no answers for the first time as she ponders whether 'Y2Q' will be a bust just like 'Y2K' was. Jake The Pedantic chuckles that he knew all along that Google was watching us, even in 'Incognito' mode. Meanwhile, Samuel The Harangued is forced to scramble (yet again!!) to protect his teenage nephew from cyber attack. This and more news on some new breaches and updates that may affect many of us. Bright start to the New Year indeed!
Follow Us On Social Media For Weekly Cyber Safety Tips

Quantum Computers And 'Y2Q'. How Does It Affect You?


Maureen The Clean

'Y2Q' is the name given to the day when quantum computers will suddenly be powerful enough to break all forms commonly used data encryption methods on the internet including what your browser is using as you read this blog!
    Why does that matter? Well, simple, encryption is essential to everything on the internet including banking, shopping, access to online accounts and a lot of our communications. The person, company or country that develops the first quantum computer capable of decrypting standard encryption methods will suddenly be able to decrypt a large volume of all internet traffic and get access to our most personal details including our passwords!

    Here is the good news. The development of any such computer is still years away. Scientists and governments are already working on more advanced encryption techniques. Second, not everyone will have access right away to such computing power i.e. your average hacker will still not be able to decode your passwords.

    Here is the bad news. This kind of computing power will lie in the hands of a very select few including nation states. Revealing less data in the first place is going to be more critical. Second, some new advances in mathematical techniques have raised speculation that Y2Q could happen within 5 years.

    Watch this video below from NIST (National Institute of Standards and Technology), a governmental body that governs standards on Y2Q.

    Google Still Sees You In Incognito Mode


    Jake The Pedantic

    Do you use Google Chrome? If so, you may want to know that Google is settling a $5 billion lawsuit over tracking people while they were in 'Incognito' mode on their browser. This raises a couple of questions:
    read about the google lawsuit



    Samuel The Harangued

    Discord Malware

    Popular instant messaging platform Discord has, over the last few years, become a very effective channel for cyber criminals to distribute malware targeted at gamers and younger internet users. Adware, Remote Access Trojans, Spyware and more are being distributed through links in Discord chats. Cyber criminals convince victims that the links contain highly sought for software such as game upgrade or cheat codes. A recent example of Discord malware is Vare linked to a group called Kurdistan 4455. In April 2023, security researchers at cybersecurity company, CyberArk, showed how attackers could implement a Command and Control communication using the Discord API with just 16 lines of code!! In other words, with just 16 lines of code, attackers can take control of your computer and get it to do what they want to do!

    Awareness and cyber hygiene are the most effective ways to not fall victim to Discord malware. Some tips:

    read more about discord's malware problem

    Threats and Breaches

    Massive new password dump with 75 million passwords of which 25 million are new discovered on the dark web. Researchers suspect credential stuffing as the main source of the list. Time to change our passwords!

    Massive password list leaked

    New cyber crime group 'Bigpanzi' has been busy infecting Android set top boxes by tricking victims into installing back-door apps or fake firmware updates. Make sure your set top box is from a reputable vendor.

    Android set top boxes attacked

    Remember, we talked about Zero Day attacks? Well, one of those can now be used to target your Chrome browser. Good news is that Google has released a patch. Update your Chrome now!

    Update your Chrome browser