Google Cloud Accidentally Deletes $125 Billion Pension Fund’s Online Account
A major mistake in setup caused Google Cloud and UniSuper to delete the financial service provider’s private cloud account.
This event has caused many to worry about the security and dependability of cloud services, especially for big financial companies.
The outage started out of the blue, and UniSuper’s 620,000 members had no idea what was happening with their retirement funds.
Services didn’t start again until Thursday, and the fund promised its members that investment account amounts would be updated as soon as possible, even though they were still showing numbers from the previous week.
Joint Statement and Apology
According to Guardian reports, the CEOs of UniSuper and Google Cloud, Peter Chun and Thomas Kurian, apologized for the failure together in a joint statement, which is not often done.
“This incident is an exceptional and singular occurrence that has not happened with any client of Google Cloud on a global scale before.” This ought not to have occurred. Google Cloud has implemented preventative measures in response to the identified events that precipitated this disruption.
They said that the event was “extremely frustrating and disappointing” for members and caused by a “one-of-a-kind occurrence” in which UniSuper’s Private Cloud services were set up incorrectly, causing the fund’s cloud subscription to be deleted.
“UniSuper’s Private Cloud subscription was ultimately terminated due to an unexpected sequence of events that began with an inadvertent misconfiguration during provisioning,” the two sources stated. “Google Cloud CEO Thomas Kurian has confirmed that the disruption was caused by an unprecedented sequence of events.”
Dell is warning its customers about a data breach after an alleged shadowy cyber criminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.
An alleged cyber criminal called Menelik posted the following message on the “Breach Forums” site:
“The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.
It is up to date information registered at Dell servers.
Feel free to contact me to discuss use cases and opportunities.
I am the only person who has the data.”
The full name of the buyer or company name
Address including postal code and country
Unique seven digit service tag of the system
Shipping date of the system
Warranty plan
Serial number
Dell customer number
Dell order number
Most of the affected systems were sold in the US, China, India, Australia, and Canada.
Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:
“At this time, our investigation indicates limited types of customer information was accessed, including:
Name
Physical address
Dell hardware and order information, including service tag, item description, date of order and related warranty information.
The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”
Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.
So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”
This kind of information is exactly what scammers need in order to impersonate Dell support.
Protecting yourself from a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your digital footprint
If you want to find out how much of your data has been exposed online, you can try the recommended Malwarebytes free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.
A 6G transmitter has been created that can reach the fastest internet capabilities recorded yet.
The new technology was created by four companies in Japan putting their best qualities forward to achieve the next generation of ultra-fast internet.
The announcement of the new 6G breakthrough came in a press release on April 11 and the four companies involved include DOCOMO, NTT, NEC, and Fujitsu.
5G internet operates from 6-40 GHz while the new 6G test operated at much higher bands in 100 GHz and 300 GHz.
The 6G transmitter transferred data at 100 Gbps per second at 100 GHz indoors and 300 GHz outdoors over 328 feet, per the release.
The highest generation of internet right now is 5G and is the current standard.
Using higher frequency bands allows for much faster internet speeds and is the plan of how to achieve the next generation.
“High-capacity wireless communication is expected to be achieved by exploiting the abundant bandwidth available in the sub-terahertz band from 100 GHz to 300 GHz,” the release said.
The 6G potential is 500 times faster than the average 5G T-Mobile speeds in the US, according to Statista.
Its speed can also be compared to transferring five HD movies wirelessly per second, per Live Science.
The tech companies have hinted that 6G will allow for groundbreaking new ventures.
This includes extremely high-quality video streaming, better control for self-driving cars, and faster communication.
Some other advancements to look forward to include smoother operation for:
*Virtual Reality (VR)
*Metaverse applications
*Mixed Reality experiences
*Fully Automated Vehicles
*Hovercraft and other flying machines
*It will also support brand new technologies like Holographic images and Holographic Communication (seeing a hologram of the person you are talking to emanate from a phone, as an example)
“In the 6G era, when wireless networks are envisioned supporting diverse applications ranging from ultra-HD video streaming to real-time control in autonomous vehicles, as well as increasing communication demands,” the press release said.
WORKING THROUGH KINKS
Implementing the new high-speed 6G will come with some complications though.
The experts explained that completely new devices will need to be made that can handle the high-frequency bands.
This is because of the large difference between what 5G devices are currently operating at and the high-frequency band 6G would need.
“However, compared to 28 GHz and other millimeter bands used in current 5G systems, the much higher frequencies of the sub-terahertz band will require entirely different wireless devices that are now being developed from scratch,” the press release said.
“To be successful, this effort will need to overcome several key challenges, such as determining the specific performance requirements of wireless devices operating in the sub-terahertz band, and then actually developing such devices.”
The next move for the four tech companies is to keep working out the kinks and utilizing each company’s strengths to make 6G a reality.
“Going forward, the four companies will continue to conduct extensive research and development into sub-terahertz telecommunications,” the press release said.
“Leveraging each company’s strengths in various initiatives to contribute to 6G standardization.”
Geobox: A Hacking Device That Is Basically Untraceable
In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!
Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:
1. Spoof location
2. Mimic Wi-Fi access points
3. Manipulate DNS and network parameters while providing anonymity.
4. Copy and emulate the commonly used Wi-Fi landing page that most restaurants and concert venues present at log-on, to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location and its clientele (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).
Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!
After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for anyone attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-Fi”
OR
They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.
It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!
Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.
However, with Geobox, it is transformed “into a potent weapon for digital deception.” The malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.
The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!
These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!
With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.
Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.
“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”
*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*
The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!
Armed with such an affordable and easy-to-obtain cyber device, operators can easily carry out and coordinate various attacks, such as serving as a data dump for anyone logging on to the newly created “free Wi-Fi”, identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.
It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!
Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.
“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an upcoming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.
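For the venue that owns the real network, the "one simple dot or variation" problem described above can be checked from the defender's side. The following is an added example, not part of the original article or of any vendor tool: it compares Wi-Fi scan results against an inventory of the site's own access points. The SSIDs, BSSIDs, verdict names and scan records are all constructed for illustration.

```python
import unicodedata
from dataclasses import dataclass

# Constructed inventory (assumption): each SSID the venue really operates,
# with its expected security mode and the BSSIDs (AP radio MACs) it owns.
KNOWN_APS = {
    "Mall-Staff": ("WPA2", {"a4:11:22:33:44:01", "a4:11:22:33:44:02"}),
    "Mall Free WiFi": ("OPEN", {"a4:11:22:33:44:10"}),
}


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str


def skeleton(ssid: str) -> str:
    """Fold case and drop dots, dashes and spaces: 'Mall Free Wi-Fi.' -> 'mallfreewifi'."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b are equal or differ by one inserted, deleted or swapped character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def classify(beacon: Beacon, known=KNOWN_APS) -> str:
    if beacon.ssid in known:
        security, bssids = known[beacon.ssid]
        if beacon.bssid.lower() not in bssids:
            return "evil-twin"    # our exact name, broadcast by a radio we do not own
        if beacon.security != security:
            return "downgrade"    # our BSSID cloned, but the security mode differs
        # A cloned BSSID with matching security still lands here, so "ok" is
        # necessary but not sufficient; signal strength and location matter too.
        return "ok"
    probe = skeleton(beacon.ssid)
    if any(within_one_edit(probe, skeleton(name)) for name in known):
        return "lookalike"        # dot, dash, case or single-character variation
    return "unrelated"


def findings(beacons, known=KNOWN_APS):
    """Return (ssid, bssid, verdict) for every beacon that needs a human look."""
    flagged = []
    for beacon in beacons:
        verdict = classify(beacon, known)
        if verdict not in ("ok", "unrelated"):
            flagged.append((beacon.ssid, beacon.bssid, verdict))
    return flagged


# Constructed scan results, e.g. parsed from a wireless IDS sensor export.
SAMPLE_SCAN = [
    Beacon("Mall-Staff", "a4:11:22:33:44:01", "WPA2"),
    Beacon("Mall-Staff", "02:00:5e:10:00:01", "WPA2"),
    Beacon("Mall-Staff", "A4:11:22:33:44:02", "OPEN"),
    Beacon("Mall Free WiFi.", "02:00:5e:10:00:02", "OPEN"),
    Beacon("M\u0430ll-Staff", "02:00:5e:10:00:03", "WPA2"),  # Cyrillic 'a'
    Beacon("CoffeeShop", "02:00:5e:10:00:04", "WPA2"),
]

if __name__ == "__main__":
    for row in findings(SAMPLE_SCAN):
        print(row)
```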
Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024
New password reset attack targets Apple device users
Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.
Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.
Several Apple users have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.
Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.
Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.
After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.
Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.
Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.
In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.
It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.
One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.
However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.
For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.
Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.
Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a call from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.
Are you concerned about your online privacy and looking for ways to mask your IP address on Coinbase?
If so, like many people, you have come to the right place. In this guide, we’ll walk you through the steps to change your location on Coinbase (or any other Crypto Exchange) and hide personal information like your IP address, country, and region.
Quick Guide: Hide Your IP Address and Change Your Location
Mask Your IP Address
Flush DNS and Renew Your IP Address
Change Your Coinbase Location Settings
Other Methods to Hide Your IP Address and Location on Coinbase
Why Hide Your IP Address?
There are several reasons why you might want to hide your IP address. One of the main reasons is to protect your privacy and prevent Coinbase from tracking your physical location. By masking your IP address, you can also avoid leaving a digital footprint and bypass content filters or bans.
How to Hide Your IP Address and Location from Coinbase
Mask Your IP Address
Use a VPN (Virtual Private Network) or proxy server to mask your IP address and spoof your location.
We recommend using NordVPN for its ease of use and reliability.
Follow these steps to install and configure NordVPN:
Visit NordVPN’s website and create an account.
Download and install NordVPN on your devices.
Connect to a VPN server from your preferred location.
Flush DNS and Renew Your IP Address
Clear your DNS cache to ensure your computer obtains the latest IP address from Coinbase’s DNS server.
Renew your IP address through your device’s settings or command prompt.
Follow these steps for PC (Any Windows OS Computer) (please contact me directly at https://www.t.me/DigitalFoundation for one on one Consultation):
Step-by-Step Guide: Flush DNS and Renew Your IP Address
Step 1: Open Command Prompt
On Windows: Press the Windows key, type “cmd” in the search bar, then press Enter.
On Mac: Open Spotlight (Command + Space), type “Terminal,” then press Enter.
Step 2: Run Command Prompt as Administrator
Right-click on Command Prompt in the search results.
Select “Run as administrator” from the context menu.
Step 3: Enter Commands
In the Command Prompt window, type the following commands one by one, pressing Enter after each:
ipconfig /flushdns (This command clears the DNS resolver cache.)
ipconfig /release (This command releases your current IP address.)
ipconfig /renew (This command requests a new IP address from your DHCP server.)
Step 4: Confirm Success
Look for confirmation messages after each command.
You should see messages indicating successful flushing of the DNS resolver cache and renewal of your IP address.
Step 5: Close Command Prompt
Once you’ve completed the commands and confirmed success, you can close the Command Prompt window.
Note:
Flushing the DNS resolver cache and renewing your IP address can help resolve network connectivity issues and ensure that your computer has the latest IP address information.
These steps may vary slightly depending on your operating system. Always run Command Prompt with administrator privileges for these actions.
Mac/Apple Flushing DNS:
Change Your Coinbase Location Settings
Before logging in to your Coinbase account, ensure NordVPN is running and connected to the preferred server location.
Log in to your account, go to “Privacy Settings,” and change your “Location/Region/Country” to match your VPN server.
Save the changes and you’re all set.
Can’t Change Your Coinbase Location Settings? Here’s What to Do
If you’re unable to change your region, location, or country on Coinbase’s account settings, you can contact Coinbase support for assistance. Follow these steps:
Send a message to Coinbase support requesting a manual update of your physical location.
Wait for 24-48 hours for their response.
Other Methods to Hide Your IP Address and Location on Coinbase
In addition to using a VPN or proxy server, you can also consider using a neighbor or trusted friend’s Wi-Fi networks or proxy servers. However, keep in mind the security and privacy implications of these methods. If you are unsure or don’t know whether or not your Internet/Device/Computer is truly SECURE, take 2 minutes of your valuable time and go here to run a VPN and Browser Leak Scan: https://browserleaks.com/webrtc
VPN vs. Proxy vs. Public Wi-Fi: A Comparison
Here’s a comparison table outlining the key differences between using a VPN, proxy server, and public Wi-Fi to hide your IP address and change your location on Coinbase:
| Features/Attributes | VPN | Proxy Server | Public Wi-Fi |
| --- | --- | --- | --- |
| IP Address Masking | Yes | Yes | Yes |
| Encryption | Yes (High-level) | No | No |
| Geolocation Spoofing | Yes | Yes | Partial |
| Ease of Setup | Easy | Moderate | Easy |
| Speed | Fast (depends on service) | Moderate | Varies (often slow) |
| Security | High | Low | Very Low |
| Privacy | High | Low to Moderate | Very Low |
| Access to Restricted Content | Yes | Yes | Maybe |
| Consistency | High | Moderate | Low |
| Cost | Subscription | Subscription or one-time fee | Free |
| Legality & Compliance | Generally Legal, some restrictions apply | Generally Legal, some restrictions apply | Legal |
In summary, using a VPN offers the highest level of security and privacy, while proxy servers and public Wi-Fi networks may be less reliable. Choose the method that best suits your needs and always prioritize your online privacy and security.
By following these steps and tips, you can effectively hide your IP address and change your location on Coinbase, ensuring your online activities remain private and secure.
Disclaimer:
The information provided in this blog post is for educational purposes only. While we strive to provide accurate and up-to-date information, we cannot guarantee the effectiveness or suitability of the methods described.
By following the steps outlined in this guide, you acknowledge that neither any individuals affiliated with GeeksByTheHour nor its affiliates are responsible for any actions, events, or consequences that may occur as a result.
It is recommended to consult with a qualified IT professional or technician before performing any network-related actions on your computer. Always proceed with caution and at your own risk.
How to Track Anyone’s IP using Images? — Email, QR Code, PDF, EXE, MS Word, MS Excel, & any file can be a “digital mouse trap”..
Supported Tokens: HTTP, DNS, Web Image, Cloned Website, Adobe PDF, MS Word, MS Excel, MySQL Dump, Windows Directory, Custom EXE, QR Code, Sensitive Command, SVN, AWS API Keys, Fast Redirect, Slow Redirect, SQL Server, and many more…
Today I’ll teach you how to track anyone’s IP using Transparent Images! Yeah..
We will first understand the whole concept, then move on to the step-by-step usage guide. You can even do this manually using custom-developed payloads, but there is a better and easier way. I’ll help you with that today, by providing easy steps you can follow. Let’s start learning..
Understanding Canarytokens
Canarytokens are like digital traps for your computer systems. They work by watching for certain actions, such as someone reading a file, making a database query, running a process, or spotting specific patterns in log files. It’s similar to those tracking images in emails, but instead of tracking opens, it tracks actions on your system.
The cool thing is, we can use Canarytokens to set up these traps in our regular computer systems, kind of like putting alarms in different parts of your house where anything someone does can set off an “alarm” – or at least a notification.
Now, why should you bother with these Canarytokens? Well, sometimes hackers get into computer networks, and it happens to big companies, governments, regular people — basically, everyone. That part is understandable. But what’s not okay is only finding out about it way later, like months or even years down the line which seems disappointing!!
Canarytokens are a free, easy, and fast way to help you know right away if someone is messing around in your systems. It’s like the hackers accidentally letting you know they’re there.
Web bug / URL token — Alert when a URL is visited
DNS token — Alert when a hostname is requested
AWS keys — Alert when AWS key is used
Azure Login Certificate — Azure Service Principal certificate that alerts when used to login with.
Sensitive command token — Alert when a suspicious Windows command is run
Microsoft Word document — Get alerted when a document is opened in Microsoft Word
Microsoft Excel document — Get alerted when a document is opened in Microsoft Excel
Kubeconfig token — Alert when a Kubeconfig is used
WireGuard VPN — Alert when a WireGuard VPN client config is used
Cloned website — Trigger an alert when your website is cloned
QR code — Generate a QR code for physical tokens
MySQL dump — Get alerted when a MySQL dump is loaded
Windows folder — Be notified when a Windows Folder is browsed in Windows Explorer
Log4Shell — Alert when a log4j log line is vulnerable to CVE-2021-44228
Fast redirect — Alert when a URL is visited, User is redirected
Slow redirect — Alert when a URL is visited, User is redirected (More info is grabbed!)
Custom image web bug — Alert when an image you uploaded is viewed
Acrobat Reader PDF document — Get alerted when a PDF document is opened in Acrobat Reader
Custom exe / binary — Fire an alert when an EXE or DLL is executed
Microsoft SQL Server — Get alerted when MS SQL Server databases are accessed
SVN — Alert when someone checks out an SVN repository
Unique email address — Alert when an email is sent to a unique address
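To make the web bug / URL token idea concrete, here is an added example (not Canarytokens' own code and not from the original post) of the server-side logic behind a self-hosted image token planted in your own systems: an unguessable URL is tied to a memo, and any request for it records who asked. The class and method names, the `/img/` path and the sample addresses are assumptions made for illustration.

```python
import base64
import secrets
from datetime import datetime, timezone

# 1x1 transparent GIF, returned for every request so a hit looks like an image load.
PIXEL = base64.b64decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7")


class TokenRegistry:
    """In-memory stand-in for the token store and alert channel (hypothetical)."""

    def __init__(self):
        self._memos = {}   # token id -> reminder of where the token was planted
        self.alerts = []   # in production this would be an email or webhook

    def create(self, memo: str) -> str:
        # 128 bits of randomness: nobody reaches this URL by guessing, so any
        # request for it means the file or page holding it was actually opened.
        token = secrets.token_urlsafe(16)
        self._memos[token] = memo
        return f"/img/{token}.gif"

    def handle(self, path: str, remote_addr: str, headers: dict):
        """Process one HTTP GET and return (status, content_type, body)."""
        name = path.rsplit("/", 1)[-1]
        if name.endswith(".gif"):
            name = name[:-4]
        memo = self._memos.get(name)
        if memo is not None:
            self.alerts.append({
                "memo": memo,
                "time": datetime.now(timezone.utc).isoformat(),
                "src_ip": remote_addr,  # socket peer address
                # Client-supplied, so recorded for context but never trusted.
                "forwarded_for": headers.get("X-Forwarded-For"),
                "user_agent": headers.get("User-Agent"),
            })
        # Same response for live and unknown tokens: the requester cannot tell
        # whether the URL was a trap.
        return 200, "image/gif", PIXEL


if __name__ == "__main__":
    registry = TokenRegistry()
    url = registry.create("finance share: Q3-payroll.docx")
    # Constructed request, as it would arrive when the document is opened.
    registry.handle(url, "203.0.113.7", {"User-Agent": "Mozilla/5.0 (constructed)"})
    registry.handle("/img/not-a-token.gif", "198.51.100.9", {})
    print(registry.alerts)
```

The recorded address is whatever host fetched the image, which may be a mail gateway, link scanner or proxy rather than the person who opened the file.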
Step-by-Step Usage
Go to canarytokens.org & choose your Canarytoken. This is like setting up a digital trap. Provide an email where you want to be notified and a note to remind yourself where you placed it.
Generate a Canarytoken, which is a unique URL or Fast redirect or anything else – it is all your choice. It’s like creating a secret link that will trigger an alert if someone interacts with it. In this blog I’ll be using Fast redirect as an example.
Put the generated Canarytoken in a special location & send it to the target. It could be in an email, a document, or even as an embedded image. If a target arrives upon it, you’ll receive an email notification, alerting you that something is off – just like a mouse activating a mouse trap :–)
Clicked..Your Digital Mouse Trap Is Set!
If your target hits the URL/File, like shown in the example above, your token gets activated & alerted to email or webhook as below:
You can also rename the generated PDF/Excel/Word document without affecting its operation!
In this digital age of 2024 and beyond, information and data are needed like the air we breathe, and the tools we use to sift through data should uplift, not undermine, our quest for knowledge.
Yet, here we are, navigating the choppy waters of search engines like Bing and Google, only to find ourselves awash in a sea of advertisements, our privacy eroded by relentless tracking, and our quest for truth skewed by biased algorithms.
Does that seem okay to you?
These platforms, once hailed as the lighthouses of the information age, now seem more like will-o’-the-wisps leading men to their deaths in murky bogs. Radicalization through search engine commercialization is actually a real problem. For all that Google has claimed it is fighting against such things, the work of non-biased researchers like Cory Doctorow and Rebecca Giblin has proven that these companies can’t ever fulfill their promises… not when they rely on radicalization to help line their shareholders’ wallets.
Folks – it is not just Google (Alphabet) that does this! Today we face a plethora of Social Media “trackers” and “data miners” that commercialize every step and action that you take online within their platform for full disclosure. This article is just sharing with you that browsers such as Google (and its email product called Gmail) track, profit from, and commercialize everything that you do in them.
Stract: A New Open Source, customizable search engine.
This innovative search engine feels like a callback to an earlier Internet age, when our networks were meant to be part of a free, open-source ecosystem.
Now, to be clear, Stract is in early “Beta” stage. This simply means that it is lacking many “normal” features that are common in modern browsers. You will not be using it for your daily browsing quite yet (I recommend Vivaldi, Brave (which offers Staking Rewards as well) and DuckDuckGo for the time being). That said, it has WONDERFUL potential.
The top ten main features of Stract include:
Open Source: Stract is entirely open-source, promoting transparency and community collaboration in its development and enhancement.
Customization: The platform stands out for its high degree of customizability, allowing users to tailor their search…
Advanced Search Capabilities: Stract offers advanced search capabilities, including Boolean operators, filters, and facets, empowering users to refine their searches with precision and efficiency.
Natural Language Processing (NLP): Leveraging cutting-edge NLP algorithms, Stract understands and interprets natural language queries, ensuring accurate search results even for complex or ambiguous queries.
Personalization: Stract employs sophisticated personalization algorithms to deliver tailored search results based on user preferences, search history, and behavior, enhancing the overall search experience and relevance of results.
Scalability: Built on a scalable architecture, Stract seamlessly handles large volumes of data and user queries, ensuring fast and reliable search performance even as data volumes grow.
Federated Search: Stract supports federated search capabilities, enabling users to search across multiple data sources and repositories from a single interface, eliminating the need to switch between different applications or platforms.
Real-time Indexing: With real-time indexing capabilities, Stract ensures that new content is immediately available for search, providing users with up-to-date and relevant information at all times.
Integration Options: Stract offers seamless integration with a wide range of third-party applications, databases, and content management systems, allowing users to leverage their existing infrastructure and workflows.
Analytics and Insights: Stract provides powerful analytics and insights into search behavior, user interactions, and content usage, enabling organizations to gain valuable insights and optimize their search strategies for better performance and user satisfaction.
Overall, Stract offers a comprehensive and feature-rich search solution that EMPOWERS users to find relevant information quickly and efficiently. It is also the ideal choice for individuals and organizations seeking a powerful and 100% CUSTOMIZABLE search engine for their own needs, wishes, and goals. In summary, if you are familiar with technology and don't expect a full-blown Browser experience without a few minor speed bumps, it is highly recommended to check Stract out here: https://stract.com/about
For 2024, Google and Yahoo are rolling out updated guidelines for bulk email senders, aimed at boosting deliverability and fighting the good fight against spam. This is good news: not only will it positively impact your deliverability, it’s easy to implement.
Why the update?
It’s simple: to create a cleaner, more secure environment for both senders and recipients. The new requirements fall into three key categories:
Authentication: Email authentication verifies you’re a legitimate sender, not a spammer. If you’re sending emails already, you’ve probably already taken the first step by setting up SPF (sender policy framework) and DKIM (domainkeys identified mail) records, even if you weren’t sure what they did. Now, the next crucial step is publishing a DMARC policy.
Simple unsubscribes: No more requiring users to authenticate or navigate labyrinthine unsubscribe processes. One-click unsubscribe provides a better user experience. Luckily, if you’ve already been offering this option, you’re already ahead of the curve!
Spam complaints: If you’re diligently collecting opt-ins with proper consent, spam complaints likely won’t be a concern. But it’s always good practice to maintain a healthy email list and engage your audience thoughtfully.
So what is DMARC?
The DMARC policy (Domain-based Message Authentication, Reporting & Conformance) acts as your email’s official security document, telling the world how to handle messages claiming to be from your domain.
Setting it up properly is essential today because many email list providers (such as small businesses) are already being surprised that their email success rates are decreasing just this week (Google and Yahoo domain emails began enforcement on February 2nd, 2024). By February 1, 2024, publish your DMARC policy with your domain provider. Ensure this TXT record is added to your DNS settings with “yourdomain.com” replaced with your actual company domain:
It is actually straightforward for most technically savvy folks, whether you manage DNS yourself or need to put in a ticket so that your IT team can handle the DNS settings. (You can learn even more about DMARC records, including other options like adding a “rua” value to designate an email address that will receive DMARC reports, in Google’s documentation here.)
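As an added example (not from the original article or from Google's documentation), the Python below audits a DMARC TXT record value of the kind published at `_dmarc.yourdomain.com` and lists what still weakens it. The sample records and the `dmarc-reports@yourdomain.com` address are constructed; the tag names (`v`, `p`, `sp`, `pct`, `rua`) are those defined in RFC 7489.

```python
POLICIES = ("none", "quarantine", "reject")  # weakest to strictest

def parse_dmarc(txt):
    """Split 'tag=value; ...' into an ordered dict; raise ValueError if malformed."""
    tags = {}
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue  # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part!r}")
        tags[name] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    return tags

def audit_dmarc(txt):
    """Return (policy, findings); findings list what still weakens the record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    sub = tags.get("sp", policy).lower()  # subdomains inherit p= unless sp= is set
    if policy not in POLICIES or sub not in POLICIES:
        raise ValueError("p= is required; p= and sp= must be none/quarantine/reject")
    pct = int(tags.get("pct", "100"))  # non-numeric pct raises ValueError
    if not 0 <= pct <= 100:
        raise ValueError("pct= must be between 0 and 100")
    findings = []
    if policy == "none":
        findings.append("p=none only monitors: failing mail is still delivered")
    elif pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if POLICIES.index(sub) < POLICIES.index(policy):
        findings.append(f"sp={sub} protects subdomains less than p={policy}")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not rua:
        findings.append("no rua= address: no aggregate reports to review")
    elif any(not u.lower().startswith("mailto:") for u in rua):
        findings.append("rua= has a non-mailto URI")
    return policy, findings

# Constructed sample records (yourdomain.com is the article's placeholder).
SAMPLES = [
    "v=DMARC1; p=none;",
    "v=DMARC1; p=reject; sp=none; pct=50; rua=mailto:dmarc-reports@yourdomain.com",
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", audit_dmarc(record))
```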
These new email requirements might seem like extra hurdles, but they’re ultimately a positive step towards a more reliable and enjoyable email experience for everyone. By taking the small steps outlined above, you can ensure your business thrives under the new rules, reaching your target audience effectively and building lasting relationships.
TECHNICAL DETAILS ABOUT DMARC IF YOU WANT TO DIVE DEEPER:
Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources.
DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.
WHY SHOULD ORGANIZATIONS LIKE YOURS BE INTERESTED IN DMARC?
Phishing and spearphishing are among the top attack vectors for any organization dealing with PII (Personal Identifying Information), which can lead to identity impact, financial fraud, or even protected health information (PHI) breaches and Health Insurance Portability and Accountability Act (HIPAA) fines. Why? Because many individuals in the "black market" underground will access, buy, and sell that PII for non-citizens and those who do not have health insurance, who will then use it for their own "services" with a fake ID presented under the same name as the person whose PII your company revealed.
Summary: Your (or your company's) liability can be far more far-reaching than you could ever imagine. It happens every day in the United States where "Joe" walks up to the urgent care or hospital needing emergency care with someone else's ID/SSN/healthcare insurance information, all for the right price!
Fraudulent emails are easy to design and cheap to send, which gives threat actors incentive to use repeated email attacks. DMARC provides an automated approach to reducing fraudulent email, before it ever reaches an employee’s inbox. In addition, DMARC helps prevent adversaries sending email to your organization or others purportedly from your staff.
HOW DOES DMARC WORK?
DMARC removes guesswork from the receiver’s handling of emails from non-authoritative email servers, reducing the user’s exposure to potentially fraudulent and harmful messages. A DMARC policy allows a sender to indicate that their emails are protected by Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM), both of which are industry-recognized email authentication techniques. DMARC also provides instructions on how the receiver should handle emails that fail to pass SPF or DKIM authentication. Options include sending the email to quarantine or rejecting it entirely.
DMARC provides the receiver with an email address to provide feedback to the sender.
Potential feedback can include that the sender’s email was rejected/quarantined by the receiver or that a threat actor is attempting to imitate the sender’s domain.
HOW CAN I ADOPT DMARC ON MY DOMAIN?
Savvy organizations that adopt DMARC do so in strategic stages, with feedback loops between IT departments and their staff (depending on the size of the organization of course!). Because DMARC can block third parties delivering mail on the purported sender’s behalf, some intended messages may be flagged as illegitimate in some cases - which is a very small price to pay (risk vs. reward) in cybersecurity honestly.
Below Are A Few Steps Organizations Can Take To Ease Into DMARC Over Time:
1. Deploy DKIM & SPF in reporting-only mode first, listing known authorized email servers (such as vendors and trusted internal/external Partners).
2. Collect and review reports to identify unknown email servers.
3. Work with business units and IT staff to identify servers and determine their legitimacy.
4. Update DMARC policy flags to “quarantine” then to “reject” as confidence increases that most or all legitimate servers have been accounted for.
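Steps 2 to 4 above, as an added example (not from the original article): the Python below sorts the rows of a DMARC aggregate ("rua") report into passing mail, known senders that still fail and need fixing, and unknown sources to investigate. The report, the allowlist of documentation-range addresses and the names `triage` and `ready_to_tighten` are constructed; the element names follow the aggregate report schema in RFC 7489.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed inputs: the authorized senders from step 1 and one aggregate report.
KNOWN_SENDERS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.25/32")]
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.25</source_ip><count>40</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>7</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def triage(report_xml, known=KNOWN_SENDERS):
    """Count messages per source IP in three buckets: pass, fix, unknown."""
    # Reports arrive by email from third parties: treat them as untrusted XML.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD or entity declarations are not expected in a report")
    buckets = {"pass": Counter(), "fix": Counter(), "unknown": Counter()}
    for row in ET.fromstring(report_xml).iter("row"):
        ip = ipaddress.ip_address(row.findtext("source_ip").strip())
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        # DMARC passes when either the aligned DKIM or the aligned SPF result passes.
        ok = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        is_known = any(ip in net for net in known)
        key = "pass" if ok else ("fix" if is_known else "unknown")
        buckets[key][str(ip)] += count
    return buckets

def ready_to_tighten(buckets):
    """Gate for step 4: no authorized sender is still failing DMARC."""
    return not buckets["fix"]

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, counts in result.items():
        print(name, dict(counts))
    print("ready for quarantine/reject:", ready_to_tighten(result))
```

Sources in the `unknown` bucket are the ones to take to business units in step 3: each is either a legitimate service nobody listed or mail spoofing the domain.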
In 2024, for cybersecurity, we’re entering an era where advanced AI tools and escalated social engineering tactics (especially during election years) are changing the game. To avoid potential cyber threats, businesses, governments and individuals must grasp these emerging trends.
1. Rise Of Cybersecurity AI
In 2024, AI’s role in cybersecurity will expand to encompass automated responses and predictive analytics. It’s mainly about taking preventive measures in advance….
Integrating AI into cybersecurity applications can improve threat detection and incident response. For instance, AI can identify anomalies or deviations that may indicate potential security threats. Previously unseen attacks can be detected.
With cyberattacks becoming more sophisticated, AI’s ability to analyze vast datasets and identify patterns will be pivotal. Since AI has become a major part of cyber criminals’ toolkit, AI is expected to become a mainstay in cybersecurity solutions.
2. Election Year Disinformation
Election years provide fertile ground for social engineering and disinformation campaigns, and there’s no reason to believe 2024 will be an exception. As political tensions rise, so do efforts to manipulate public opinion and undermine democratic processes.
Americans lost $10.3 billion to online scams in 2022, which also emphasizes the need for ongoing employee security awareness training that includes exercises to help identify social engineering tactics and phishing attempts. The use of open-source intelligence tools (OSINT) to root out network vulnerabilities is recommended as a preventive measure to combat threat actors.
3. Escalation Of Ransomware Attacks
Ransomware remains a formidable threat in 2024, with tactics becoming increasingly complex and negotiations more aggressive. According to Cybersecurity Ventures, damages from cybercrime are projected to exceed $10.5 trillion globally by 2025.
This alarming escalation calls for robust backup strategies, employee training, cyber insurance, negotiation expertise and incident response plans. Companies can follow the example of external performing tasks such as penetration testing, validating network integrity, identifying unauthorized activity and monitoring for suspicious behavior.
Leveraging AI, cybercriminals can prey on human weaknesses such as impulsiveness, greed and curiosity to more convincingly create personalized phishing campaigns at scale. AI-facilitated social engineering attacks have been reported to the FTC.
This emerging trend underscores the need to perform AI risk assessments and to consider outsourcing expertise to a virtual AI officer who can step into the role and run AI-resistant security protocols.
5. National U.S. Data Privacy Act
The progression of data privacy regulations—beginning with the European Union’s General Data Protection Regulation (GDPR) and extending to California’s Consumer Privacy Act (CCPA)—is paving the way for establishing a national data privacy act in the U.S. called the American Data Privacy and Protection Act.
The burgeoning cannabis industry, particularly retailers, is increasingly vulnerable to cyberattacks as they transition to digital platforms. Banks and credit card services could begin to accept electronic payments and ACH transfers from cannabis businesses—thanks to pending legislation making its way through Congress—and the gap between point of sale (PoS) systems and potential data breaches narrows significantly.
Human error and complacency are major risk factors, and the industry’s nascent adoption of digital technologies makes it an attractive target for cybercrime. Retail dispensaries must prioritize cybersecurity to protect their client data and financial transactions, as the sector’s so-called “green rush” also attracts the unwanted attention of threat actors.
7. Zero Trust Elevates To Boardroom Status
The concept of zero trust in cybersecurity, akin to the rise of anti-virus software in the 1990s, is set to become a staple topic in boardroom discussions in 2024. Gaining steady momentum, the implementation of zero trust is no longer a technical nicety but a business imperative.
Rooted in the principle of “never trust, always verify,” the widespread adoption of zero-trust architectures signifies a paradigm shift in security strategies, emphasizing continuous verification of every user and device, regardless of their location or network.
This strategic move elevates cybersecurity from a technical concern to a core business function, crucial for protecting organizational assets.
8. FEMA Cyber Insurance
To make a bold and unprecedented prediction, FEMA, the federal agency known for last-resort flood insurance, may eventually be called upon to serve as a model and backstop for cyber insurance policies not covered by commercial carriers.
With traditional insurance carriers withdrawing from high-risk regions like Florida due to severe climate events, there is a growing need for federal intervention. A FEMA initiative could potentially underwrite essential services like airports, hospitals, energy and water treatment plants as commercial insurance options become limited.
Conclusion
The increasing complexity of cyber threats underscoring the security trends of 2024 highlights the need for advanced mitigation strategies. Organizations will need to understand these trends, ensure they enable best practices and consider collaborating with outsourced cybersecurity expertise to navigate the security environment and ensure a robust, future-ready cyber defense.