This Week in Security #4

Monday. May 27, 2024 - 2 mins

Navigating the ever-evolving landscape of cybersecurity can feel like a whirlwind—new threats, innovations, and incidents are constantly reshaping the digital world. This week’s post breaks down some of the developments and that took place this past week.

Rapid-fire:

London Drugs employee information posted on dark web
Apple and Google attempt to fix unwanted location tracking
Update your Chrome browser now

Microsoft’s New “Feature” Tracks Everything You Do

Microsoft revealed a new feature they’re working on called “Recall”. This feature for Windows 11 would take screenshots of your screen and keep track of everything you do…

The goal of Recall is to help you search and retrieve your past activities
The list of privacy concerns associated with this feature is long and gets longer the more you think about it

This reminds me of a short story, “The Truth of Fact, the Truth of Feeling” by Ted Chiang. The story explores themes of memory and technology through the lens of a similar technology which records your life. (I can’t recommend this short read enough)

Putting aside the obvious privacy concerns, other questions arise with the use of these tracking mechanisms and AI tools that make our lives easier. Do we really want to know everything as it was, or do are the stories we tell ourselves more important? Where do we draw the line between automating tedium and sanding away the little tasks that make life interesting?

The feature is still being tested and has not been released yet.

A dandelion before it turns white. — A dandelion before it turns white

Scams

Look-Alike Domains

People are right to be worried about the threat of malware and viruses, so what do they do? They do the responsible thing and go find a suitable antivirus for them. After doing a quick search, some reputable names like “Malwarebytes”, “Avast”, and “Bitdefender” come up.

Malicious sites with domain names that look similar to what you are looking for can lead to dangerous outcomes.

avast-securedownload[.]com, bitdefender-app[.]com, and malwarebytes[.]pro all lead to websites not associated with the eponymous companies
If you aren’t careful, you can download malware or give out personal information to bad actors through these sites

Here are some red-flags to look out for to avoid look-alike domains.

Security Fundamentals

Advanced Persistent Threat (APT): An APT is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period, with the intent to steal data or surveil activities rather than cause immediate damage.

APTs are often sophisticated, involving continuous and covert efforts to achieve their objectives, typically orchestrated by skilled and well-funded adversaries, such as state-sponsored groups.

One of the most famous examples is Stuxnet, a worm developed by the United States and Israel to take down Iran’s nuclear program back in 2010

Siddhantha Bose

Living, learning, and meeting people along the way