Month: November 2024

When we’re thinking about Google’s Pixel lineup, our thoughts immediately go to Pixel smartphones — this year’s Pixel 9 series has something for everyone, even if you’re into foldable phones. Or maybe we’re reminded of the Pixel Tablet, and all the rumors we’ve been fielding about the possibility of a follow-up. Bigger isn’t always better, though, and recently we’ve been revisiting some mysteries concerning the most petite member of the Pixel family: the Pixel Watch.

We just wrapped up one mystery earlier this week, with Google finally starting sales of the Performance Loop Band we’ve been anticipating for months. But there’s been another one hanging over the Watch 3, leaving us to wonder if we’d ever see Google formally acknowledge it.

The colorways of the base Samsung Galaxy S25 and the Galaxy S25 Plus have leaked yet again. However, this time, we get a look at all the five expected hues thanks to leaked images of original SIM card tray replacement parts.

Posted on Bluesky by tipster Roland Quandt, the images show that the Galaxy S25 and 25 Plus will be available in black, green, purple, blue, and white color options.

We all know better than to be using our phones when driving, which is exactly why we have speech-to-text and text-to-speech for handling our messaging. And when that’s all easily accessible through the dash and your vehicle’s integrated controls with the help of Android Auto, so much the better! But right now, we’re learning about one really weird bug that’s getting in the way of Android Auto reading you your text messages.

A very confused group of Android Auto users have been sharing their stories over on Reddit in a thread started by user Grant_Son, and while this sounds like it involves a lot of different messaging apps, the common denominator is that people are hearing the word “oh” inserted at the end of messages (via 9to5Google). Reports identify this strange behavior with WhatsApp, Teams, Facebook, and ever regular old Google Messages.

As the holiday shopping season kicks off, two of the most anticipated events for online retailers and shoppers alike are Thanksgiving and Black Friday. During this time, millions of consumers flock to online stores to take advantage of exclusive deals, creating a prime opportunity for cybercriminals to launch various online attacks. Cyber threats such as phishing, credential stuffing, DDoS attacks, and payment fraud surge during these high-traffic periods. Therefore, both consumers and businesses need to be extra vigilant to avoid falling victim to cybercriminals.

Here are several strategies to protect yourself and your organization from online cyber attacks during Thanksgiving and Black Friday:

1. Implement Multi-Factor Authentication (MFA)

One of the simplest and most effective ways to secure accounts is by enabling Multi-Factor Authentication (MFA). MFA adds an extra layer of protection by requiring users to provide two or more forms of verification before gaining access to their accounts. This may include something the user knows (a password), something the user has (a smartphone app or hardware token), or something the user is (fingerprint or face recognition).

For businesses, encouraging customers to use MFA on accounts where it’s available can pre-vent unauthorized access to personal information and payment details. Consumers should also ensure MFA is activated on their online retail accounts, especially for those with saved pay-ment methods.

2. Use Strong, Unique Passwords

One of the primary entry points for hackers during the holiday season is weak or reused pass-words. During high-stakes shopping events, credential stuffing attacks—where cybercriminals use stolen usernames and passwords from data breaches to gain access to multiple accounts—become more common.

To protect against these types of attacks, both consumers and businesses should implement a strong password policy. Passwords should be long, complex, and unique for each account. Avoid using easily guessable information like birthdays or common words, and consider using a password manager to generate and store complex passwords securely.

3. Monitor for Phishing and Scam Emails

Phishing attacks are prevalent during high-traffic shopping periods like Black Friday and Thanksgiving. Cybercriminals take advantage of consumers’ excitement and the urgency of limited-time offers by sending fraudulent emails that appear to come from legitimate online retailers. These emails often include malicious links or attachments designed to steal person-al information or infect devices with malware.

What to watch for:
•    Suspicious email addresses or links that don’t match the official retailer’s domain.
•    Emails offering unbelievable deals that sound too good to be true.
•    Urgent requests to click links, provide sensitive information, or update payment methods.

To defend against phishing attacks:
•    Verify the sender’s email address carefully.
•    Avoid clicking on links in unsolicited emails. Always visit the official website directly.
•    Be cautious about email attachments, especially from unknown senders.
•    Educate employees and customers about the dangers of phishing through training and awareness campaigns.

4. Secure Your Website with HTTPS and SSL Encryption

For businesses, securing your website is critical during high-traffic periods. Cybercriminals may try to intercept customer transactions or perform man-in-the-middle (MITM) attacks when browsing unsecured websites.

Ensure that your website uses HTTPS (Hypertext Transfer Protocol Secure) and has a valid SSL (Secure Socket Layer) certificate. This encrypts the communication between users’ browsers and your server, helping protect sensitive data like credit card information from pry-ing eyes.

Consumers should always ensure they’re shopping on secure websites by looking for the pad-lock symbol in the browser’s address bar and verifying the URL starts with “https://” rather than “http://.”

5. Keep Software and Systems Updated

Regular software updates are a key part of maintaining a secure online environment. Attackers often exploit known vulnerabilities in outdated software, plugins, and devices. During busy shopping seasons, it’s even more important to stay up-to-date with security patches for operating systems, apps, and security software.

• For businesses: Ensure your online store, payment gateways, and any third-party ser-vices you use are updated with the latest security patches. Also, verify that your servers and network equipment are protected with firewalls and the latest antivirus software.

• For consumers: Keep your device operating systems, web browsers, and apps updated to minimize the risk of encountering security flaws.

6. Implement Fraud Detection Systems

Retailers and e-commerce businesses should be proactive in setting up fraud detection and prevention systems to identify suspicious transactions. This can include:

•    Transaction monitoring to spot unusual activity, such as multiple purchases from the same IP address in a short period.

•    Device fingerprinting to detect the same device trying to access multiple accounts.

•    Real-time alerts to notify businesses of potential fraud, enabling a swift response to mitigate risks.

On the consumer side, be cautious about sharing payment details or using unfamiliar payment methods that may not offer fraud protection. Consider using virtual credit cards or services like PayPal that offer an extra layer of security and are more likely to provide recourse in the case of fraudulent charges.

7. Be Aware of Social Media Scams

Cybercriminals often use social media platforms to promote fake Black Friday deals and Thanksgiving offers. These scams can appear as too-good-to-be-true discounts, limited-edition products, or fake giveaways, all designed to steal your personal information.

•    Verify the legitimacy of promotional offers through official retailer channels before providing any personal details.

•    Be cautious about clicking links from unsolicited messages or social media ads.

•    Follow retailers’ official pages for updates and deals.

8. Prepare for DDoS Attacks

Distributed Denial of Service (DDoS) attacks are common during busy shopping days, as cybercriminals attempt to overwhelm websites with traffic, causing service disruptions. To safe-guard against DDoS attacks:

•    Use DDoS protection services to absorb malicious traffic before it reaches your servers.

•    Distribute your network traffic across multiple servers or data centers to minimize the impact of an attack.

•    Monitor server load in real-time to identify unusual traffic patterns.

9. Educate Customers and Employees

Finally, educating both employees and customers about potential cyber threats is a crucial step in preventing cyber attacks. For businesses:

•    Train employees on identifying phishing emails, handling sensitive data securely, and maintaining strong security practices.

•    Provide customers with tips on how to shop safely online, such as using strong pass-words and verifying the security of websites.

For consumers, spreading awareness about common holiday scams, fraud tactics, and the im-portance of using secure payment methods can significantly reduce the risk of falling victim to online attacks.

Conclusion

Thanksgiving and Black Friday are major events for online retailers, but they also attract a sig-nificant uptick in cyberattacks. From phishing and credential stuffing to DDoS attacks and payment fraud, online threats are more sophisticated than ever. By following these defensive measures—such as enabling multi-factor authentication, using strong passwords, securing web-sites, and staying vigilant for phishing attacks—both consumers and businesses can reduce their risk and enjoy a safer holiday shopping experience. In the fast-paced environment of online shopping, cybersecurity awareness is key to ensuring that the only thing you’re shopping for this season is great deals, not a costly cyberattack.

The post How to Defend Against Thanksgiving and Black Friday Online Cyber Attacks appeared first on Cybersecurity Insiders.

HCL and Intel Join Forces to Safeguard Data in Cloud Environments

As cloud environments continue to evolve as the backbone for modern digital infrastructure, they simultaneously become prime targets for cybercriminals. These malicious actors often aim to either steal sensitive data or deploy malware for their own gain, threatening the security and integrity of cloud-based systems. In response to these growing concerns, HCL Technologies, in partnership with Intel, has introduced an innovative security solution designed to enhance data protection in cloud environments. The service, named Data Trust Shield, integrates cutting-edge technologies from Intel, including its Trust Domain Extensions (TDX) and Intel Trust Authority, to offer advanced protection for data stored in and transmitted through the cloud.

The Data Trust Shield service was initially tested within the Google Cloud environment and successfully integrated with hyperscalers—advanced cloud computing platforms that combine data storage, big data analytics, machine learning, and robust networking capabilities. This integration is especially crucial for meeting the complex needs of enterprise-level data centers, where secure and reliable data protection is paramount.

Intel has publicly stated that the collaboration with HCL introduces a new level of trust for cloud users. The combination of Intel’s TDX and Trust Authority ensures that sensitive information remains secure, even as it moves across various cloud services and infrastructures. By leveraging Intel’s hardware-based security solutions, this partnership seeks to provide businesses with greater confidence in their cloud operations, knowing that their data is safeguarded from evolving cyber threats.

This initiative is expected to set a new standard for securing cloud environments and provide a vital tool in the ongoing battle against cybercriminals targeting businesses and organizations across various industries. With data breaches and cyberattacks on the rise, HCL and Intel’s Data Trust Shield offers a comprehensive, scalable solution that helps mitigate the risks associated with storing and transmitting sensitive data in the cloud.

CyberVolk Ransomware Group Targets Entities Opposing Russian Interests

A newly identified cyber threat group known as CyberVolk is making headlines for its targeted ransomware attacks. This group, which has emerged in the cybercrime scene with a specific political agenda, is focusing its efforts on organizations that are vocal in their opposition to Russian actions, particularly those related to the ongoing war in Ukraine.

According to a detailed analysis by cybersecurity firm SentinelOne, CyberVolk is believed to have ties to India and has been actively attacking businesses in countries such as Japan, France, the UK, and the United States. The group’s operations primarily revolve around deploying ransomware to encrypt the files of targeted entities, demanding payment in cryptocurrency to release the encrypted data.

In its previous operations, CyberVolk, also known as Gloriamist, had been known for its quick ransom demands—typically asking for $1,000 worth of cryptocurrency within a five-hour window from the initial compromise. However, recent reports suggest that the group’s leader, known as Hacker-K, has modified its tactics. Rather than demanding rapid payment, CyberVolk now waits up to two weeks for the victim to settle the ransom. If the victim fails to comply within this time frame, the stolen data is then auctioned off on the dark web, potentially exposing sensitive information to further exploitation.

While it remains unclear whether CyberVolk has any direct affiliation with well-known ransomware groups such as Lockbit or with the Russian government’s cyber operatives, there are suspicions that they could be operating as a service provider for the Russian military intelligence agency GRU. This theory is based on the group’s focus on attacking organizations that oppose Russian geopolitical interests.

Another notable shift for CyberVolk is its departure from prior alliances with other hacktivist groups like Anonymous Sudan and NoName057(16). These associations were once characterized by coordinated Distributed Denial of Service (DDoS) attacks, but CyberVolk has now distanced itself from these tactics. Instead, it has pivoted exclusively to launching file-encrypting ransomware attacks, targeting critical sectors such as gaming, energy, healthcare, and finance. This strategic shift suggests that CyberVolk is narrowing its focus on disrupting high-value industries that could generate significant financial returns or geopolitical leverage through stolen data.

As CyberVolk’s operations continue to evolve, it is clear that the group is positioning itself as a major player in the ransomware landscape, with a politically charged agenda and a growing list of targets. The cybersecurity community will need to stay vigilant in tracking the group’s activities, as its attacks are likely to have far-reaching implications for global cyber resilience.

The post HCL and Intel offer Data Trust Shield for Cloud Environments CyberVolk ransomware details appeared first on Cybersecurity Insiders.

The Samsung Galaxy S25 Ultra is just a few months away, and leaks are starting to surface more frequently now. Following the viral spread of photos showing a dummy unit of the device last week, a new video has now emerged, revealing what appears to be a working prototype of the phone.

The hands-on video was posted on Reddit, and although the post is titled “Galaxy S24 Ultra definitely,” the device in the clip shows off the rumored rounded corner design of the Galaxy S25 Ultra. The leak has also been corroborated by prolific tipster Ice Universe, who confirmed on X that the device in the footage is indeed the Galaxy S25 Ultra. Another leaker who posts a lot of Samsung leaks, @chunvn8888, has also “confirmed” that the device in the video is indeed the “real” Galaxy S25 Ultra. You can check out the leaked clip below.

Google Calendar on Android is getting a new update that will make managing your to-dos much easier. Users will appreciate that the Calendar app on Android will finally show a full-screen view of “all their tasks and task lists” instead of only those that have a date assigned to them. The feature was added to Google Calendar on the web last year, and we spotted its mobile version in an Authority Insights APK teardown last month.