Month: June 2024

Making security awareness training impactful using threat intelligence

How to make awareness training impactful using threat intelligence.

Most organizations take on Security Awareness Training in one form or another with varying levels of commitment. For some, it is a tick-in-the-box exercise to satisfy some form of compliance, which can range from a parent organization’s requirements to the PCI-DSS obligation to make sure employees are aware of the importance of handling cardholder data. For others, the entire month of October (Cyber Security Awareness Month) gets chalked up to a barrage of emails and posters bombarding everyone within the company.

One thing that remains consistent is that evidence shows the more an organization participates in the discussion of risk, the higher the percentage of employees who respond appropriately to both real and perceived threats. How is it then that we continue to have employees falling victim to phishing attacks, watering hole attacks, and phone scams? The fact of the matter is that we’re all human, and humans make mistakes. While we can accept that as a fact, we as a community can also continue to evolve – and improve our organizational cybersecurity posture.

What if we were able to truly capture our audience’s attention? Over time it has become evident that, when individuals in awareness training can put themselves in the shoes of the victim and hear a compelling story, the threat becomes more than a theoretical scenario: it becomes a real problem they may have to face one day. This is where threat intelligence comes into play.

What is threat intelligence?

There are two types of threat intelligence that most security professionals are aware of. The first is operational threat intelligence and the other is traditional threat intelligence, which is the more common of the two. But what’s the difference?

Operational threat intelligence is often used to proactively defend a network or organization by ingesting indicators of compromise into a firewall, threat intelligence gateway, secure email gateway, or other device. By operationalizing threat intelligence, an organization is able to limit a threat actor or cybercriminal’s ability to interact with devices or services in a meaningful way. While many challenges exist in implementing operational threat intelligence at scale for most companies, it’s a very effective method of minimizing the initial risks that an employee may observe in the first place.

Traditional threat intelligence is where many professionals have lived historically. It takes the form of long reports that often read like a post-mortem of an attack: a cautionary tale of what happens when you don’t patch a system, forget to conduct your monthly audit of firewall ACLs, or somehow succumb to another attack. These reports typically contain a plethora of indicators of compromise, of course, but much more of their value comes from the tale that they tell.

Fortunately, we don’t expect non-technical employees to try and understand either of these, but how can we weave those same reports into a tool to better suit our audience?

Getting more value from threat intelligence

So, you’ve read through all the reports, reminded the IT staff to be extra diligent in reviewing firewall policies, made sure your GPO enforced the new password policy, scheduled your next phishing exercise for the next quarter, and now is the time to give your employees their annual security awareness training.

Reminding employees that everyone is a target is always a good first step. Except, what does the social media manager have to worry about? Being able to cite sources directly from threat intelligence can show the people within various departments why their positions can be valuable to attackers and get their initial attention, but it doesn’t stop there. You need to weave the whole story into a tale that feels personal.

Continuing with the role of social media, remind them of the types of data that they have access to. Do they have access to upcoming announcements regarding intellectual property implementations? Maybe they’re on email chains regarding upcoming mergers and acquisitions? By using traditional threat intelligence, IT teams can personalize the threat and drive home how much value information truly has and the lengths an adversary will go through to get access to it.

Some examples of various departments and the information they may hold that could prove valuable to an attacker include:

Human Resources: Passports and travel documentation, company rosters, departmental organization, various disability related accommodations made for employees (which can be used to victimize employees through extortion). 

Marketing: Upcoming feature deployments and focus of sales targeting, strategic messaging from the C-Suite, partnership announcements. 

Legal: Ongoing litigation, employee investigations, ransomware negotiation status, pending patent filings and supporting documentation, mergers and acquisitions, contractual obligations. 

Research and Development: Status of intellectual property developments, partner feature requests, limitations of technology, known vulnerabilities and bugs. 

Security and Operations: Current security policy, security software in place, roles and permissions for various users and other roles.

 

Traditional threat intelligence is laden with cautionary tales to demonstrate the value of every individual in an organization. These stories need to be told in a way that staff can internalize and bring home a valuable lesson. For example, the Uber breach reports can be used to teach employees the importance of multi-factor authentication (MFA), its proper usage, and the proper procedures for reporting anomalies in the service, which can lead to a discussion about MFA fatigue attacks.

Where to find threat intelligence

The first place to look is internally. Has there been a recent breach at your own organization that can be openly discussed? There’s often a stigma associated with admitting our own faults, but maybe this is the answer to showing both the risk and direct impact of threats! Additionally, checking various cybersecurity vendors’ websites will likely yield enough information to get even the greenest organizations started. While some details may be sparse for the protection of victims, even anonymized information can be incredibly valuable.

The next step might be the threat intelligence partner from which operational intelligence is already being purchased. Commercially acquired analysis may come with control restrictions that need to be discussed further, but it might already be available through an existing subscription. If not, creating your own training and purchasing reports could be another option.

Finally, most employees respond better when a third party is giving a passionate presentation about cybersecurity. Hiring an external entity to provide the training has many benefits including experience working with threat intelligence, personalized war stories of organizations who have been breached, the emotions of those who were involved, and an outside perspective that will seem fresh. At a higher level, decision makers are more likely to invest in the same funding requests when there’s a third party advocating for the same recommendations internal staff have been advocating for.

Making it personable

The importance of security awareness training has been at critical levels for over two decades now. Bringing everything together in common language, not that of the security industry, can be difficult. IT professionals work with security policy and procedures for the entirety of their workday. While the gap in knowledge and practice needs to be closed, the best way to do so is through organization-wide buy-in.

Threat intelligence is just one very valuable vehicle we have to make the training feel real, be engaging, and still convey the same points that have been discussed ad nauseam. Once people acknowledge they are a target, see the value they provide, and finally hear an engaging story of how attackers manipulate unsuspecting victims, the training becomes something that a person can identify with.


This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro


The games industry can delete games on a whim but modders are working to bring The Crew back to life


Earlier this week we ran an important story about the games industry’s current trend of just expunging games from the annals of time when it has no further use for them. Either licences have expired and nobody deems it worthwhile to bother renewing them, or, in this case, the publisher has just decided to shut down the servers on the 12 million people who owned the game, maybe, if you are being cynical (not me, obviously), because it has a new version in the pipeline.

A fan-led project is aiming to reverse the work Ubisoft did when it recently closed down The Crew by creating a server that the game connects to, rather than its previous, now-defunct server.

In an interview with Eurogamer, modder whammy4 said, “We started pretty much as soon as Ubisoft announced the shutdown last December. It’s still the same game that everyone played before, except instead of connecting to Ubisoft’s central server, they will connect to ours.”

If you are playing solo you will also be able to run a local server on your own machine.

Whammy4 repeats the points we made in yesterday’s story about Forza Horizon 4, “I think Ubisoft heard enough criticisms from their customers, but I have one thing to say to The Crew’s community: they should absolutely not let Ubisoft keep getting away with such horrendous practices, otherwise it will just keep happening to more and more games, including The Crew’s sequels, and history will just keep repeating itself. People must not forget.”

And they are right.

“If the trend continues, in a decade we’ll have tons of unplayable, dead video games that people once loved and played, which is why video game preservation is extremely important before the situation spins out of control,” whammy4 said.

We’d argue it is already out of control, with games able to be closed down on a whim. At least if modders can keep games alive, it helps with the preservation aspect, even if it is a bit like taking a photograph of the Mona Lisa.

The post The games industry can delete games on a whim but modders are working to bring The Crew back to life appeared first on ReadWrite.


Huge Galaxy Z Fold 6 and Galaxy Z Flip 6 leaks spill foldable phone images and colors

Samsung’s upcoming products are leaking all over the place, and the latest to appear are the Z Fold 6 and Z Flip 6.

We know the next Samsung Galaxy Z Fold 6 and Samsung Galaxy Z Flip 6 are going to be unveiled on July 10, and now we have a pretty good idea of what they’re going to look like too – and perhaps how much we’ll have to pay for them as well.

Huge image leaks from seasoned tipsters @evleaks and @rquandt have given us a look at these foldable phones from just about every angle imaginable. The second of those leaks, posted in full over at Winfuture, is courtesy of a retailer listing in Australia.


These images line up with previous leaks: the Galaxy Z Fold 6 is shown in a light gray or silver, a dark navy, and a light pink, as per a prediction earlier this month. As our Samsung Galaxy Z Fold 5 review will tell you, the current model is available in Icy Blue, Phantom Black, Cream, Gray, and Blue.

As for the Galaxy Z Flip 6, here we see pale green, silver, light blue, and yellow options – Light Blue, Mint, Silver Shadow, Yellow, Crafted Black, Peach, and White have previously been predicted. The current model can be bought in Mint, Lavender, Graphite, Cream, Blue, Green, Gray, and Yellow, as per our Samsung Galaxy Z Flip 5 review.

Design changes


The designs of these foldable phones aren’t changing a huge amount from the models launched in 2023, but there are tweaks we can see here: the borders of the Z Flip 6 rear cameras, for example, are matched to the color of the casing, which is a detail that’s been spotted in earlier leaks.

And while it’s not all that easy to tell from these pictures, the cover display of the Z Fold 6 is apparently going to be a little shorter and wider this time around. It’s a change that’s been mentioned extensively in the leaks and rumors we’ve heard so far, and it should improve the user experience when the phone is closed shut.

We now think we know just about everything there is to know about these foldable phones, including potential camera upgrades, minimal increases in battery capacity, and price hikes that Samsung could be adding on top of the 2023 prices.

In a couple of weeks, everything will be official, and it isn’t just these foldables that are expected to be shown off at the next Samsung Unpacked: we should also see the Galaxy Watch 7, Galaxy Watch Ultra, Galaxy Buds 3, Galaxy Buds 3 Pro, and Galaxy Ring.


Apple could make it much easier to replace batteries in the iPhone 16 – here’s how

A report has claimed that Apple is working on a new method for removing and replacing the iPhone 16’s battery.

Apple manages to squeeze a huge amount of tech into the best iPhones, but its devices are so densely packed that replacing any of their parts can quickly become frustrating. Throw in a smattering of fiddly clips and sticky glue and things can get messy fast.

When the iPhone 16 rolls around this September, though, that might all change in one important way. That’s because a report from The Information has claimed that Apple is working on an interesting new way to make its phone batteries easier to remove and replace.

Right now, iPhone batteries are held in place using adhesive strips. But according to the report’s authors, Apple wants to replace that system with a new method that “uses electricity to dislodge the battery.” This would appear in “at least one model of the iPhone 16 this year and possibly all versions of the iPhone 17 slated for global release next year,” the report claims.

The new method, dubbed “electrically induced adhesive debonding,” will see the iPhone’s battery encased in metal rather than the foil that Apple currently uses. The battery could then be removed by applying a small jolt of electricity to it, for instance by using a direct current power supply. 

Given the complexity of opening an iPhone case and the potential risks of handling electricity, Apple will still recommend that people enlist the help of a professional to replace their batteries, The Information reports.

Repairability vs durability


The move has been prompted by legislation from the European Union (EU), which mandates that all phone makers ensure that their devices’ batteries can be replaced by their owners using accessible tools by 2025. 

It’s just the latest piece of EU legislation to have forced Apple’s hand, which so far has seen the iPhone manufacturer bring USB-C to its phones and open up its app store ecosystem to third parties.

As explained by Apple executive John Ternus, a large chunk of the reason why Apple uses adhesives inside its devices is to help make them more waterproof and stop water spreading through the inside of a device. Yet the company has to find a way to strike a balance between repairability and longevity – something that could be a tough nut to crack.

But we know that Apple is definitely thinking about it, as the company has been on a sustainability drive in recent weeks. Just yesterday, Apple announced it would expand its diagnostics software to anyone in Europe who wants to repair their iPhone, while at the same time it also released a sustainability white paper that outlined its efforts to make its devices last longer – and its belief that durability is preferable to repairability. Those moves follow a patent Apple filed earlier this year for replaceable, modular batteries, so we know the topic is being explored in Cupertino.

With the iPhone 16 just a few months away, we might soon see where some of these efforts have led – and whether Apple has managed to find the right balance between making its products last longer and making them easier to repair.


NYT’s The Mini crossword answers for June 28

Answers to each clue for the June 28, 2024 edition of NYT’s The Mini crossword puzzle.

The Mini is a bite-sized version of The New York Times’ revered daily crossword. While the crossword is a lengthier experience that requires both knowledge and patience to complete, The Mini is an entirely different vibe.

With only a handful of clues to answer, the daily puzzle doubles as a speed-running test for many who play it.

So, when a tricky clue disrupts a player’s flow, it can be frustrating! If you find yourself stumped playing The Mini — much like with Wordle and Connections — we have you covered.

Here are the clues and answers to NYT’s The Mini for Friday, June 28, 2024:

Across

“Largemouth” lake animal

The answer is bass.

Arousing suspicion

The answer is fishy.

“Citizen Kane” director Welles

The answer is Orson.

Point after deuce, in tennis

The answer is adout.

Joyous laughter

The answer is mirth.

Slowly sinks, as the sun

The answer is sets.

Down

Score of 3 on a par 4, e.g.

The answer is birdie.

Classify into separate groups

The answer is assort.

SPEAKS LIKE THIS

The answer is shouts.

Instrument in electronic dance music, for short

The answer is synth.

Becomes bubbly, as beer

The answer is foams.


New Superman movie video leak teases Mr. Terrific encounter with the Man of Steel’s most loyal friend

A new Superman movie footage leak strongly hints at a cameo from another Man of Steel ally, but it isn’t Supergirl.

Potential spoilers follow for 2025’s Superman film.

A new video leak from the set of James Gunn’s Superman movie has seemingly confirmed that Krypto the Superdog will make a crowd-pleasing appearance in the film.

Just days after fans were given a better look at the Man of Steel’s costume and first images of fellow hero Mr. Terrific, more details have emerged about the forthcoming DC film as filming continues in Cleveland, Ohio. 

This time, a secretly shot video, which was posted on Cleveland.com’s X/Twitter account, shows Edi Gathegi’s Mr. Terrific finding Krypto, Superman’s loyal canine companion, and attempting to teach the Kryptonian dog to fly.


The footage initially shows Mr. Terrific running down a street with what appears to be a tracking device in his hands, which leads him to a pet store – one amusingly called Pet It Be – whose center window has been smashed by an escaped animal. The video then jumps to Mr. Terrific slowly approaching said escapee (well, the empty space where a CGI-d Krypto will eventually sit in the final product) to try and not spook him.

The final piece of footage seems to show Mr. Terrific, with dog treats in hand, attempting to coax Krypto to fly. Indeed, we see one of Superman’s fellow heroes – real name Michael Holt – laterally jumping as he animatedly tries to get Krypto to leap into the air and fly. Unfortunately, it doesn’t seem like Mr. Terrific is succeeding in his endeavor, with the tech-based superhero seen letting out a frustrated scream before the video ends.

With principal photography on Gunn’s Superman flick, the first DC Cinematic (DCU) movie that’ll take flight in theaters in July 2025, set to continue over the next few weeks, we’ll likely see more footage and images leak before filming wraps. 

Superman’s first-look image has already teased one of its potential villains, while another leak from Cleveland.com confirmed that Frank Grillo’s Rick Flag Sr, who’ll make his DCU debut in DCU Chapter One animated series Creature Commandos on Max this December, will surprisingly show up in Superman. Based on the latest batch of leaked images, fans are also speculating that Ultraman, an alternate universe version of the Man of Steel, will appear as a secondary antagonist.

Who is Krypto the Superdog?

Krypto the Superdog was last seen in DC League of Super-Pets, an animated kids film that was released in 2022.

The loyal pet of Superman, Krypto the Superdog is, much like Kal-El and his super-powered cousin Kara Zor-El, one of the few surviving beings from the doomed planet of Krypton. 

Making his first appearance in Adventure Comics #210 in March 1955, Krypto was originally seen as the faithful companion of Superboy. Initially, he was Kal-El’s protector when Superman was a toddler, but was soon used as a test subject (by Kal-El’s father, no less) for a rocket prototype that would eventually send Kal-El to Earth. After being knocked off course during its space test flight, Krypto’s rocket crash lands on Earth years after it was supposed to, eventually leading to a long-overdue reunion between him and Superman (then known as Superboy).

Like other Kryptonians, Krypto possesses superhuman abilities that are activated by the solar radiation from our star system’s yellow sun. His powers are proportionate to his size and species, however, so don’t expect him to be able to take a human supervillain on his own.

If (or, rather, when) Krypto makes his debut on 2025’s Superman, it’ll likely be a cameo or small supporting role. He’ll have a bigger role to play in another DCU movie – Supergirl: Woman of Tomorrow, which stars House of the Dragon alumnus Milly Alcock as Zor-El. 

Supergirl’s first big-screen adventure in over 40 years will fly into theaters on June 26, 2026, almost one year after Gunn’s Superman film is released. In November 2023, Ana Nogueira was revealed as its writer in a big Supergirl update that not only confirmed Gunn was learning from the DCEU’s mistakes, but also that Krypto will play a major supporting role as part of its plot. We’ll get to see the lovable pup in at least one other DCU project, then, after Superman arrives in theaters.


AMD just unleashed FSR 3.1 – and it’s a great day for PC gamers no matter what brand of graphics card they own

FSR 3.1 is here offering not just better quality upscaling, but the ability to bring frame generation to Nvidia and Intel GPUs.

AMD has officially pushed out FSR 3.1, the latest version of its upscaling and frame generation box of tricks that offers better quality – and a key ability that PC gamers are going to love – with initial support for five games.

You might remember that FSR 3.1 was announced back at GDC 2024 in March, with the promise of a Q2 release, so AMD has just sneaked in ahead of that self-imposed deadline with the feature going live.

To begin with, it’s supported by five games, all of them PlayStation ports (from Nixxes Software), namely: Horizon Forbidden West Complete Edition, Marvel’s Spider-Man Remastered, plus Spider-Man: Miles Morales, Ratchet & Clank: Rift Apart, and Ghost of Tsushima Director’s Cut.

On top of that, God of War Ragnarok (ported by Jetpack Interactive in this case, not Nixxes) is also billed as “coming soon” for FSR 3.1 support, but hasn’t got it yet.

FSR 3.1 ushers in a better level of quality in terms of the upscaled image compared to FSR 3, meaning less ghosting and flickering or other generally unwanted noise.

On top of that, though, the key introduction we mentioned at the outset is that AMD has decoupled upscaling and frame generation with FSR 3.1. That means frame generation is a separate entity so it can be applied on top of other upscaling solutions – such as Nvidia DLSS or Intel XeSS, not just FSR.

Analysis: A potent combo for older Nvidia RTX GPUs

So, why is this decoupling so important? Well, remember that Nvidia’s DLSS 3 frame generation is only available to those who own an RTX 4000 GPU – with older graphics cards from Team Green, you’re out of luck. You might be able to use DLSS 3.5, and indeed ray reconstruction fanciness – but not frame generation, which only works with Lovelace cards.

That’s where AMD comes in, as now, you can run your DLSS without frame generation on an older RTX graphics card, and stick the decoupled frame generation from FSR 3.1 on top, getting that frame rate boost. This is only with games that support FSR 3.1, of course, but that’ll still be an expanding library of titles. (Also, it’s worth noting that we’ve previously seen this kind of thing fudged to work unofficially, too, by clever modders).

In total, AMD notes that FSR 3 (not 3.1) supports 60 games now – or to be precise, there are 60 titles most of which have support, though some are still incoming.

Most of all, though, we have to take our hat off to AMD for maintaining a more open approach with its graphics card technologies, so Nvidia and Intel GPUs can get the benefit of FSR 3.1, or at least part of it, as well as Team Red’s own Radeon graphics cards.
