{"id":117916,"date":"2024-10-24T18:39:57","date_gmt":"2024-10-24T11:39:57","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=117916"},"modified":"2024-10-24T18:39:57","modified_gmt":"2024-10-24T11:39:57","slug":"nsa-tells-iphone-and-android-users-reboot-your-device-now","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=117916","title":{"rendered":"NSA Tells iPhone And Android Users: Reboot Your Device Now"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption><fbs-accordion><\/p>\n<p class=\"color-body light-text\">How sage is the NSA zero-click threat advice in 2024?<\/p>\n<p><\/fbs-accordion><small>SOPA Images\/LightRocket via Getty Images<\/small><\/figcaption><\/figure>\n<p><em>Update, Oct. 24, 2024: This story, originally published Oct. 22, includes details of new security recommendations issued by the U.S. Cybersecurity and Infrastructure Security Agency along with details of the U.K. Government Cyber Essentials scheme.<\/em><\/p>\n<p>Comedy fans may well recognize \u201chave you tried turning it off and on again\u201d from the British sitcom <em>The IT Crowd<\/em>. But what if the National Security Agency told all smartphone users to do it? And, more to the point, if you follow that advice, will you be safe from malware and spyware in 2024 and beyond?<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The NSA Turn It Off And On Again Advice For iPhone And Android Users<\/h2>\n<p>The NSA\u2019s original warning was published in a <a href=\"https:\/\/s3.documentcloud.org\/documents\/21018353\/nsa-mobile-device-best-practices.pdf\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/s3.documentcloud.org\/documents\/21018353\/nsa-mobile-device-best-practices.pdf\" data-ga-track=\"ExternalLink:https:\/\/s3.documentcloud.org\/documents\/21018353\/nsa-mobile-device-best-practices.pdf\" aria-label=\"mobile device best practices guide\">mobile device best practices guide<\/a> in 2020. If you are having difficulty opening the PDF document the previous link takes you to, then there is an alternative route to the same document that requires a few more clicks available from the <a href=\"https:\/\/www.nsa.gov\/Press-Room\/Telework-and-Mobile-Security-Guidance\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.nsa.gov\/Press-Room\/Telework-and-Mobile-Security-Guidance\/\" data-ga-track=\"ExternalLink:https:\/\/www.nsa.gov\/Press-Room\/Telework-and-Mobile-Security-Guidance\/\" aria-label=\"NSA press room\">NSA press room<\/a>. With smartphones running across all operating system platforms becoming an increasingly popular target for threat actors of all flavors, the NSA said that \u201cmany of the features provide convenience and capability but sacrifice security\u201d and attempted to pin down simple steps that even the most non-technical users could take to better protect their devices and the data stored within. Earlier this year, <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/06\/01\/nsa-warns-iphone\u2014android-users-to-turn-it-off-and-on-again\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/06\/01\/nsa-warns-iphone\u2014android-users-to-turn-it-off-and-on-again\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/06\/01\/nsa-warns-iphone%E2%80%94android-users-to-turn-it-off-and-on-again\/\" aria-label=\"I reported on the NSA advice\" rel=\"noopener\">I reported on the NSA advice<\/a>, and that article has continued to stir a myriad of responses to this day. I\u2019ve had security experts and smartphone users alike thank me for bringing the warning to their attention and scold me for not going into more detail about what rebooting can\u2019t help protect people from. All of these opinions are valid, of course, and this article is written in the hope of providing more clarification.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-2 link-embed--long-title\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/18\/police-issue-new-2fa-warning-for-all-gmail-outlook-facebook-x-users\/\" target=\"_blank\" aria-label=\"Cybercrime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/18\/police-issue-new-2fa-warning-for-all-gmail-outlook-facebook-x-users\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Cybercrime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/670fa09f0c61505ee9522a7b\/960x0.jpg);\"\/><\/span><\/a><fbs-ad position=\"inread\" progressive=\"\" ad-id=\"article-0-inread\" aria-hidden=\"true\" role=\"presentation\"\/><\/p>\n<p>Let\u2019s start by saying that I have nothing but praise for the document that the NSA has published; not only is the advice contained sage, but it is presented in such a way as to be clear to all audiences. Taking a pictorial approach, the NSA used an icon-based warning system informing readers what they should avoid, disable, do and not do. The do list includes using strong PINs and passwords, biometric locks and regular software updates, for example. The do-not advice covers rooting or jailbreaking your phone, clicking unknown links or opening unknown attachments. But it\u2019s the disable icon that piqued my interest most, especially when it came to disabling power by turning the device off and on again on a weekly basis.<\/p>\n<p>The second page of the infographic-heavy advice document took more of a tabular approach to warning smartphone users of things they should be doing regarding threat mitigation. This time, the iconography was divided between sometimes prevents and almost always prevents. When regularly rebooting your smartphone, the recommendation was to use it as it sometimes prevents spear phishing (to install malware) and zero-click exploits. It was never, therefore, a silver bullet solution or a one-size-fits-all security panacea.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-4\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/13\/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed\/\" target=\"_blank\" aria-label=\"New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/13\/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/64e7031f115ba4a1a14af6bb\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Do <strong>iPhone And Android <\/strong>Users Need To Regularly Reboot Their Smartphones In 2024?<\/h2>\n<p>The short answer to whether you need to reboot your smartphone every week in 2024 is no. But need is doing a lot of heavy lifting in that question. From a security perspective, rebooting will still remove the threat from non-persistent malware \u2014 that is a threat that cannot survive a reboot. I know that\u2019s pretty obvious, but it needs saying. There\u2019s plenty of malware that fits into this category, and not all of it from the least advanced or sophisticated of threat actors.<\/p>\n<p>When spyware was making the headlines for all the right reasons, with nation-states using advanced software such as Pegasus to infect both Android and iPhone devices, reports suggested that it changed from having persistence to relying upon binary payloads being exploited again after a reboot. This reliance on malware in memory, rather than being written to permanent storage, is another way to evade leaving evidence of surveillance during such sophisticated attacks.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-6\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/24\/why-you-shouldnt-change-your-passwords-like-its-1999\/\" target=\"_blank\" aria-label=\"Why You Shouldn\u2019t Change Your Passwords Like It\u2019s 1999\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/24\/why-you-shouldnt-change-your-passwords-like-its-1999\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Why You Shouldn\u2019t Change Your Passwords Like It\u2019s 1999<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/66f2a81edc4cc25cad1f14fb\/960x0.jpg);\"\/><\/span><\/a> <\/p>\n<p>\u201cAs long as people are regularly updating their devices when fresh operating system versions are released,\u201d Jake Moore, global cybersecurity evangelist with ESET, said, \u201cdevices will remain healthy and protected. It is, however, a good idea to reboot your phone on a regular basis but more for battery reasons over security.\u201d<\/p>\n<p>Moore is right in saying that a quick reboot can often resolve performance issues and connectivity problems. However, that doesn\u2019t mean that security reasons for rebooting are entirely off the table. \u201cZero-click malware is a recurring issue for both Apple and Android operating systems\u201d Moore said, \u201cbut it is generally identified and addressed quickly. Once detected, a patch is developed, and a new update is released to mitigate the threat.\u201d<\/p>\n<p>There is no definitive answer when it comes to the voracity of the NSA warning and the rebooting recommendation, however, erring on the side of caution is never to be underestimated in my humble opinion. There\u2019s an interesting <a href=\"https:\/\/security.stackexchange.com\/questions\/270904\/does-rebooting-a-phone-daily-increase-your-phones-security\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/security.stackexchange.com\/questions\/270904\/does-rebooting-a-phone-daily-increase-your-phones-security\" data-ga-track=\"ExternalLink:https:\/\/security.stackexchange.com\/questions\/270904\/does-rebooting-a-phone-daily-increase-your-phones-security\" aria-label=\"discussion on Stack Exchange\">discussion on Stack Exchange<\/a> that sums things up rather nicely: the long answer is that it depends on what your handheld did since its last reboot, the short answer being, on average, that rebooting reduces vulnerability. Rebooting has little, if any, downside so why not reboot regularly? I\u2019m siding with the NSA on this one.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-8\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/20\/police-bust-iserver-hackers-who-unlocked-500000-stolen-phones\/\" target=\"_blank\" aria-label=\"How iServer Hackers Unlocked 500,000 Stolen Smartphones\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/20\/police-bust-iserver-hackers-who-unlocked-500000-stolen-phones\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">How iServer Hackers Unlocked 500,000 Stolen Smartphones<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/66ed8a1952ecfb374e131a4f\/960x0.jpg);\"\/><\/span><\/a> <\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The U.S. Cybersecurity And Infrastructure Security Agency Proposes New Security Requirements\u2014iPhone And Android Users Take Note<\/h2>\n<p>As reported by <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-proposes-new-security-requirements-to-protect-govt-personal-data\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-proposes-new-security-requirements-to-protect-govt-personal-data\/\" data-ga-track=\"ExternalLink:https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-proposes-new-security-requirements-to-protect-govt-personal-data\/\" aria-label=\"Bleeping Computer\">Bleeping Computer<\/a>, the U.S. Cybersecurity and Infrastructure Security Agency has just published a new set of security proposals designed to protect personal data and government information from hostile adversaries. The list of proposed security requirements is aimed directly at those government bodies moving sensitive data in bulk and, most specifically, at those doing so where the information might be exposed to persons or countries of concern. This most often means those engaged in cyber espionage campaigns against the U.S. or with a history of state sponsorship of advanced persistent threat actors. CISA said that it assesses the implementation of the requirements as necessary to validate an organization has the technical capability and sufficient governance structure to \u201cappropriately select, successfully implement and continue to apply the covered data-level security requirements in a way that addresses the risks identified by Department of Justice for the restricted transactions.\u201d At the same time it notes that specific requirements may vary for different transactional types.<\/p>\n<p>The likes of maintaining an updated asset inventory of hardware and accurate network topologies are beyond the remit of most individuals, no matter how sensible they might be otherwise. But you would be foolish to focus just on the unobtainable benefit from what is a very sound list of recommendations.<\/p>\n<p>The full list of security requirements being proposed by CISA is available as <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-10\/Proposed-Security-Requirements-EO-14117-21Oct24508.pdf\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-10\/Proposed-Security-Requirements-EO-14117-21Oct24508.pdf\" data-ga-track=\"ExternalLink:https:\/\/www.cisa.gov\/sites\/default\/files\/2024-10\/Proposed-Security-Requirements-EO-14117-21Oct24508.pdf\" aria-label=\"a PDF document\">a PDF document<\/a> and is highly recommended as a must-read for any organization looking to strengthen their security posture.<\/p>\n<p>&#8220;For U.S. cybersecurity efforts, these requirements represent a crucial step towards securing national infrastructure against evolving threats,\u201d Dr Marc Manzano, general manager of cybersecurity at SandboxAQ, said, \u201cThese new guidelines, focusing on protecting sensitive information, present opportunities for modern cryptography management systems enabling asset discovery, observability, fine-grained management, and protection.\u201d Deploying solutions like these will, Manzano concluded, contribute toward making government entities enhance their encryption frameworks, ensuring compliance and securing data against future cryptographic threats.<\/p>\n<p>While the proposals are squarely aimed at federal agencies first and foremost, it doesn\u2019t mean that the advice put forward has no consequence for us mere mortals. Indeed, some of the steps that are proposed should be etched on the smartphone screens of all iPhone and Android users: Updating devices to fix known vulnerabilities as quickly as possible, making use of second-factor authentication on all accounts where it is available and ensuring that passwords are at least 16 characters long, for example.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The U.K. Government Cyber Essentials Scheme Brings Better Security To Businesses<\/h2>\n<p>The U.K. government has a <a href=\"https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-impact-evaluation\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-impact-evaluation\" data-ga-track=\"ExternalLink:https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-impact-evaluation\" aria-label=\"newly published research paper\">newly published research paper<\/a> that seeks to detail the impact that its Cyber Essentials scheme has on improving the cybersecurity of those businesses and organizations taking part. The Cyber Essentials scheme is, effectively, a set of standards and technical controls that organizations of any size, and in any sector, should consider as essential in the effort to protect themselves and their users against the most common of online security threats. Although, as with any such advice, the scheme cannot claim to provide a security panacea, official statistics from the U.K. government show that those organizations with the Cyber Essentials scheme controls in place make 92% fewer insurance claims for cyberattacks than those without.<\/p>\n<p>&#8220;This evaluation clearly demonstrates that Cyber Essentials offers significant security benefits to organizations,\u201d William Wright, CEO of Closed Door Security, said. \u201cAccredited businesses are clearly more cyber-aware, they feel more prepared to handle routine cyber attacks and they feel confident with the controls they have in place.\u201d What\u2019s also evident, according to Wright, is that organizations feel much more confident when entering into business partnerships with suppliers who are also Cyber Essentials accredited, and as such the certification process it provides is being used practically to support third-party and supply chain resilience.<\/p>\n<p>However, just as with the NSA advice for smartphone users to turn it off and on again, a single piece of advice is never going to be enough to provide anything more than surface-level protection. As I\u2019ve mentioned earlier in this article, a multi-layered approach is the only way to improve your security and that applies to businesses as much as it does to individuals, if not more. The study data reveals that 53% of respondents are using Cyber Essentials as the only form of external assurance they have for their cyber security. \u201cIf these organizations are only accredited with the basic version of the certification,\u201d Wright warns, \u201cthis will not be enough to protect their systems against many of the attacks we are seeing today.\u201d<\/p>\n<p>Wright is, if you\u2019ll forgive the pun, right. Cyber Essentials certification itself is in the form of a self-assessment questionnaire, which is examined by a Cyber Essentials assessor. There is no physical verification of the answers and, therefore, of the claimed controls being in place. While I\u2019m not suggesting that some organizations would lie to gain certification that could provide a business benefit, well, OK, I am; but there is little to confirm those controls are deployed correctly. This basic version of the Cyber Essentials certification is \u201cnot enough to defend against today\u2019s sophisticated attacks,\u201d Wright concludes, \u201corganizations should strive to achieve the Cyber Essentials Plus certification, but blend this with other principles like NIST, CIS Controls and ISO27001 to really improve their cyber resilience.\u201d<\/p>\n<\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/24\/nsa-tells-iphone-and-android-users-reboot-your-device-now\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How sage is the NSA zero-click threat advice in 2024? SOPA Images\/LightRocket via Getty Images Update, Oct. 24, 2024: This story, originally published Oct. 22, includes details of new security &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=117916\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-117916","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/117916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=117916"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/117916\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=117916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=117916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=117916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}