Tuesday, January 7, 2025

Flash Drive Capacity LIES

 BE AWARE

Many cheap flash and SSD drives lie about their capacity.
Not malicious lies, just that the semiconductor cells may not have passed all quality control.
This was covered in the January 6, 2025 Cyber Security presentation recording.
The slides concerning this issue:





Be Aware. Do not lose your important files, documents, photos, etc. to cheap hardware!

Monday, January 6, 2025

Friday, January 3, 2025

 DoubleClickjacking is a sophisticated form of clickjacking that exploits a double-click sequence to bypass existing security measures. Here's a brief overview of how it works and why it's concerning:

How DoubleClickjacking Works

  1. Initial Setup: The attacker creates a website with a button that opens a new window.

  2. Prompting Double-Click: When the user clicks the button, a new window opens, prompting the user to double-click.

  3. Manipulating Windows: During the double-click sequence, the attacker manipulates the timing and event sequence to replace or close the top-level browser window.

  4. Unauthorized Actions: The second click unknowingly authorizes a malicious action, such as granting access to sensitive information or authorizing a transaction.

Why It's Dangerous

DoubleClickjacking is particularly dangerous because it can bypass modern web browsers' clickjacking protections by exploiting the brief interval between clicks. This makes it difficult to detect and prevent, leaving many online platforms vulnerable

Real-World Impact

  • Account Takeovers: Attackers can take over user accounts by authorizing malicious applications.

  • Unauthorized Actions: Users may inadvertently change critical account settings or initiate financial transactions.

  • Platforms Affected: Major websites relying on OAuth for account authorization, such as Salesforce, Slack, and Shopify, are vulnerable to this attack.

Wednesday, December 11, 2024

Microsoft Windows Patch Tuesday December 2024

 Microsoft windows Patch Tuesday for December releases patch/fix for 71 vulnerabilities.

Of the 71 fixes one is actively being exploited and another has a CVSS score of 9.8!

Very highly recommended to apply both the December and November patch set for Windows 11 and Windows 10.

Apple released iOS 18.2 and iPad 18.2 today December 11, 2024

This 18.2 iOS and iPadOS 18.2 Update contains 21 Security related updates!

iOS 17.7.3 to address 14 Security flaws

iPadOS 17.7.3 macOS Sequoia 15.2 macOS Sonoma 14.7.2
macOS Ventura 13.7.2 watchOS 11.2 tvOS 18.2 visionOS 2.2




 iOS18.2 feature list

iOS 18.2 brings several exciting new features and enhancements to your iPhone. Here are some of the highlights:

  1. Apple Intelligence Enhancements: This update includes major improvements to Apple Intelligence, such as ChatGPT integration with Siri, allowing for more natural and conversational interactions.

  2. Genmoji: Create custom emojis directly from your keyboard. You can describe the emoji you're looking for, and iOS will generate a new emoji based on your description.

  3. Image Playground: Generate fun and playful images based on text prompts, concepts, and people from your photo library.

  4. Visual Intelligence: Available on iPhone 16 models, this feature uses AI to analyze and understand what's around you through the camera.

  5. Mail App Redesign: The Mail app has been redesigned for improved usability, allowing you to sort emails into multiple categories.

  6. Find My Improvements: New options in the Find My app make it easier to locate lost items and share their location with others.

  7. Volume Slider on Lock Screen: You can now add the volume slider back to your lock screen for easier volume control.

Tuesday, November 19, 2024

Apple Updates November 19, 2024

 Major updates to Apple Products software today. November 19, 2024.

iOS 18.1.1, iPadOS 18.1.1, Sequoia 15.1.1 and others


UPDATE: Apple fixes/updates released today (November 19) address at least 2 vulnerabilities currently being exploited in the wild.
It is highly recommended to apply updates to any and all Apple devices for which updates are available. Initial reports of only Intel based Macs are thought to be untrue.

Details are scarce implying the threat is high.