Cybersecurity News Digest [September 2023]
Greetings to all readers on the arrival of the autumn season. We do not know in which part of the world you are reading this article, but one thing unites us — an interest in cyber technologies and security.
Today, we have prepared for you a cybersecurity news digest for September 2023 with only the most important and interesting news.
The previous cybersecurity news digest for August 2023 is here.
Cybersecurity news digest
#1 Indian hackers have hacked the website of the Canadian Armed Forces
The Indian hacker group Cyber Force shared screenshots of the Canadian Armed Forces website disabled on its social networks. The Department of National Defence of Canada confirmed the cyberattack but said that the problem was fixed on the same day.
The department clarified that hackers managed to hack a site isolated from other web portals and internal networks. There is no reason to believe that hackers managed to steal confidential information.
Before the incident, Canadian intelligence warned information system administrators about the increased risk of cyberattacks. Intelligence officers noted that geopolitical tensions quite often lead to an increase in cyber incidents.
Let’s recall that Canadian Prime Minister Justin Trudeau said that the government was provided with reliable evidence of India’s involvement in the murder of Sikh religious activist Hardeep Singh. The head of the Ministry of Foreign Affairs, Melanie Joly, added that Canada had declared a key Indian diplomat persona non grata.
#2 Apple has patented the touch textile of the future
Apple has introduced a new technology based on the use of “touch textiles” — fabrics in which electronic components are embedded that can register touches. Exactly how the company plans to implement this idea remains unclear, but some potential scenarios for using the new technology can be deduced from the text of the patent application.
The patent application states that the devices and technologies described in it can be used in various textile materials. They can be embedded in consumer electronics, clothing, accessories, bags, upholstery items, home textiles, and other items containing textile components or elements.
The new controls can be integrated into all items where fabric is used. These controls can be used to control smart home devices or a smartphone. For example, by stroking the Apple Watch strap, you could control the volume of the TV. However, it is not yet known when such a “sensory fabric” will appear on the market in Apple products.
Apple may be interested in sensor fabric as an alternative to existing materials, including FineWoven, a leatherette released by the company earlier this month. Apple introduced FineWoven with 68% recycled materials from consumers, but iPhone 15 cases made from this material were met with little enthusiasm.
#3 Microsoft Edge has started encrypting saved passwords and showing strings similar to serial keys instead
Users reported that the Microsoft Edge browser started encrypting saved passwords and showing instead strings similar to serial keys like GUID (Globally Unique Identifier, a statistically unique 128-bit identifier).
For example, a saved password such as “Hello@123” would appear in Microsoft Edge as a string like “6B29FC40-CA47-1067-B31D-00DD010662DA.”
This change made it impossible to view or copy the original passwords for use in other applications. The problem affects several different operating systems, including Windows 11, iOS, and other systems.
To solve this problem, there is a simple action — to refuse saved passwords in the synchronization settings in Microsoft Edge on both PC and mobile devices. If you use Edge in iOS, you may need to reinstall the browser application.
All saved Microsoft Edge passwords are stored and encrypted on Microsoft servers and synchronized on the user’s devices in real time. These passwords are also cached in the local Edge folder, and only Microsoft can read the data in the folder or on the server.
Previously, users could view all passwords saved in their profile on the passwords page in the browser settings. But after recent browser updates on the Microsoft server side, this has become impossible.
There is a way to cancel the encryption update for converting passwords to Edge. If the saved passwords are displayed as strings or numbers and you need to view them again, you can do the following: On a PC, open Microsoft Edge → Settings → Profiles → Sync. Enable “Passwords” and re-sync. On iOS or Android, you need to reinstall Microsoft Edge and open it, then click the three dots, go to Settings, click your profile, and open the sync page. There you need to enable “Passwords” and re-sync.
Profile experts explained that the problem with password may be widespread, but few users noticed the changes in their saved passwords, since users do not often visit this browser settings page.
#4 37 million people can claim a refund of money spent by their children in the game Fortnite
US regulators have started sending notifications to parents affected by their children’s purchases in the Fortnite game. Back in December last year, Epic Games reached an agreement with the Federal Trade Commission, which had accused the company of violating privacy rules regarding children and imposing in-game purchases on them. 37 million people should receive letters with notifications about the possibility of returning the money spent by their children. Victims can claim compensation for these expenses until January 17, 2024.
The agreement cost Epic Games $520 million. $275 million was a fine for collecting personal information about Fortnite players under the age of 13 without notifying their parents and obtaining their consent. This was the largest fine ever imposed for violating the rules of the Federal Trade Commission.
Epic Games will spend another $245 million on payments to customers under an agreement reached in December last year. This amount should cover the impulsive spending by kids on unnecessary V-Bucks (in-game currency) or virtual items provoked by “deceptive interfaces.”
According to the Federal Trade Commission, those entitled to compensation are:
- Fortnite users who were charged in-game currency for items they didn’t need between January 2017 and September 2022.
- Parents of children who, without their knowledge, withdrew funds from their credit card in the period from January 2017 to November 2018.
- Account holders who were blocked after they complained to their credit card company about illegal charges.
It is not yet known what the amount of compensation per person will be. The Federal Trade Commission said that compensation will depend on several factors, including the number of people who filed a lawsuit.
#5 Google changes your queries to sell more ads
During the antitrust investigation, it became known that Google’s search algorithms modify queries to obtain more commercial results.
So, you may just search for a microwave oven, but Google’s algorithm will change the query for a specific brand. The modified query automatically generates advertisements on the search results page and Google gets more money.
A reason to wonder whether we actually choose our purchases ourselves.