January 2024 - The New Year Edition
EXECUTIVE SUMMARY: Welcome to the New Year edition of our newsletter! In this edition, Maureen The Clean has no answers for the first time as she ponders whether 'Y2Q' will be a bust just like 'Y2K' was. Jake The Pedantic chuckles that he knew all along that Google was watching us, even in 'Incognito' mode. Meanwhile, Samuel The Harangued is forced to scramble (yet again!!) to protect his teenage nephew from cyber attack. This and more news on some new breaches and updates that may affect many of us. Bright start to the New Year indeed!
Quantum Computers And 'Y2Q'. How Does It Affect You?
Maureen The Clean
'Y2Q' is the name given to the day when quantum computers will suddenly be powerful enough to break all forms of commonly used data encryption methods on the internet, including what your browser is using as you read this blog!
Why does that matter? Simple: encryption is essential to everything on the internet, including banking, shopping, access to online accounts and a lot of our communications. The person, company or country that develops the first quantum computer capable of decrypting standard encryption methods will suddenly be able to decrypt a large volume of all internet traffic and get access to our most personal details, including our passwords!
Here is the good news. First, the development of any such computer is still years away, and scientists and governments are already working on more advanced encryption techniques. Second, not everyone will have access to such computing power right away, i.e. your average hacker will still not be able to decode your passwords.
Here is the bad news. First, this kind of computing power will lie in the hands of a very select few, including nation states, so revealing less data in the first place is going to be more critical. Second, some new advances in mathematical techniques have raised speculation that Y2Q could happen within 5 years.
Watch this video below from NIST (National Institute of Standards and Technology), a governmental body that governs standards on Y2Q.
Do you use Google Chrome? If so, you may want to know that Google is settling a $5 billion lawsuit over tracking people while they were in 'Incognito' mode on their browser. This raises a couple of questions:
What the heck is 'Incognito' mode anyway? Well, here is what Google promised 'Incognito' mode would do on Chrome browsers. They promised Chrome would not save our browsing history, any cookies or site data, information entered into forms or any permissions we gave to websites. But to be fair, they do also state explicitly that our information will indeed be visible to the websites that we visit, including the ads that are served on them; to anyone whose network we are using, including our internet service providers; and to search engines, so that they can use our information, such as our location, to serve us relevant search results. So, all said and done, there was really nothing incognito about it.
So, who can see what we do on the internet? Well, unfortunately, the list is long: the maker of the device you are using, the maker of the app or browser you are using, third-party entities that the app, browser or device makers share data with directly, ad networks, data brokers, internet service providers, companies that provide internet service providers with software and technology, analytics companies, governments and more! Everyone wants our data and they are willing to spend huge sums of money to get access to it.
Popular instant messaging platform Discord has, over the last few years, become a very effective channel for cyber criminals to distribute malware targeted at gamers and younger internet users. Adware, Remote Access Trojans, spyware and more are being distributed through links in Discord chats. Cyber criminals convince victims that the links lead to highly sought-after software such as game upgrades or cheat codes. A recent example of Discord malware is Vare, linked to a group called Kurdistan 4455. In April 2023, security researchers at cybersecurity company CyberArk showed how attackers could implement Command and Control communication using the Discord API with just 16 lines of code!! In other words, with just 16 lines of code, attackers can take control of your computer and get it to do what they want it to do!
Awareness and cyber hygiene are the most effective ways to not fall victim to Discord malware. Some tips:
Do not click on any links shared in Discord chats, even if the link is from a trusted source
Before downloading pay-for-use Discord services such as Discord Nitro, make sure to download only from the Discord website directly and not from anyone who promises 'free access' to the paid service
A massive new password dump with 75 million passwords, of which 25 million are new, has been discovered on the dark web. Researchers suspect credential stuffing as the main source of the list. Time to change our passwords!
New cyber crime group 'Bigpanzi' has been busy infecting Android set-top boxes by tricking victims into installing backdoor apps or fake firmware updates. Make sure your set-top box is from a reputable vendor.