#Fact Old image of Hindu Priest with Donald trump at White house goes viral as recent.

Executive Summary:

Apple has quickly responded to two severe zero-day threats, CVE-2024-44308 and CVE-2024-44309 in iOS, macOS, visionOS, and Safari. These defects, actively used in more focused attacks presumably by state actors, allow for code execution and cross-site scripting (XSS). In a report shared by Google’s Threat Analysis Group, the existing gaps prove that modern attacks are highly developed. Apple’s mitigation comprises memory management, especially state management to strengthen device security. Users are encouraged to update their devices as soon as possible, turn on automatic updates and be careful in the internet space to avoid these new threats.

Introduction

Apple has proved its devotion to the security issue releasing the updates fixing two zero-day bugs actively exploited by hackers. The bugs, with the IDs CVE-2024-44308 and CVE-2024-44309, are dangerous and can lead to code execution and cross-site scripting attacks. The vulnerabilities have been employed in attack and the significance of quick patch release for the safety of the users.

Vulnerabilities in Detail

The discovery of vulnerabilities (CVE-2024-44308, CVE-2024-44309) is credited to Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). These vulnerabilities were found in JavaScriptCore and WebKit, integral components of Apple’s web rendering framework. The details of these vulnerabilities are mentioned below:

CVE-2024-44308

• Severity: High (CVSS score: 8.8)
• Description: A flaw in the JavaScriptCore component of WebKit. Malicious web content could cause code to be executed on the target system and make the system vulnerable to the full control of the attacker.
• Technical Finding: This vulnerability involves bad handling of memory in the course of executing JavaScript, allowing the use of injected payloads remotely by the attackers.

CVE-2024-44309

• Severity: Moderate (CVSS score: 6.1)
• Description: A cookie management flaw in WebKit which might result in cross site scripting (XSS). This vulnerability enables the attackers to embed unauthorized scripts into genuine websites and endanger the privacy of users as well as their identities.
• Technical Finding: This issue arises because of wrong handling of cookies at the state level while processing the maliciously crafted web content and provides an unauthorized route to session data.

Affected Systems

These vulnerabilities impact a wide range of Apple devices and software versions:

• iOS 18.1.1 and iPadOS 18.1.1: For devices including iPhone XS and later, iPad Pro (13-inch), and iPad mini 5th generation onwards.
• iOS 17.7.2 and iPadOS 17.7.2: Supports earlier models such as iPad Pro (10.5-inch) and iPad Air 3rd generation.
• macOS Sequoia 15.1.1: Specifically targets systems running macOS Sequoia.
• visionOS 2.1.1: Exclusively for Apple Vision Pro.
• Safari 18.1.1: For Macs running macOS Ventura and Sonoma.

Apple's Mitigation Approach

Apple has implemented the following fixes:

• CVE-2024-44308: Enhanced input validation and robust memory checks to prevent arbitrary code execution.
• CVE-2024-44309: Improved state management to eliminate cookie mismanagement vulnerabilities.

These measures ensure stronger protection against exploitation and bolster the underlying security architecture of affected components.

Broader Implications

The exploitation of these zero-days highlights the evolving nature of threat landscapes:

• Increasing Sophistication: Attackers are refining techniques to target niche vulnerabilities, bypassing traditional defenses.
• Spyware Concerns: These flaws align with the modus operandi of spyware tools, potentially impacting privacy and national security.
• Call for Timely Updates: Users delaying updates inadvertently increase their risk exposure

Technical Recommendations for Users

To mitigate potential risks:

1. Update Devices Promptly: Install the latest patches for iOS, macOS, visionOS, and Safari.
2. Enable Automatic Updates: Ensures timely application of future patches.
3. Restrict WebKit Access: Avoid visiting untrusted websites until updates are installed.
4. Monitor System Behavior: Look for anomalies that could indicate exploitation.

‍

‍

Conclusion

The exploitation of CVE-2024-44308 and CVE-2024-44309 targeting Apple devices highlight the importance of timely software updates to protect users from potential exploitation. The swift action of Apple by providing immediate improved checks, state management and security patches. Users are therefore encouraged to install updates as soon as possible to guard against these zero day flaws.

References:

• https://support.apple.com/en-us/121752
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44308
• https://securityonline.info/cve-2024-44308-and-cve-2024-44309-apple-addresses-zero-day-vulnerabilities/ 

‍

Introduction

The role of ‘Small and Medium Enterprises’ (SMEs) in the economic and social development of the country is well established. The SME sector is often driven by individual creativity and innovation. With its contribution at  8% of the country’s GDP, and 45% of the manufactured output and 40% of its exports, SMEs provide employment to about 60 million persons through over 26 million enterprises producing over six thousand products. 

It would be an understatement to say that the SMEs sector in India is highly heterogeneous in terms of the size of the enterprises, variety of products and services produced and the levels of technology employed. With the SME sector booming across the country, these enterprises are contributing significantly to local, state, regional and national growth and feeding into India’s objectives of inclusive, sustainable development. 

As the digital economy expands, SMEs cannot be left behind and must integrate online to be able to grow and prosper. This development is not without its risks and cybersecurity concerns and digital threats like misinformation are fast becoming a pressing pain point for the SME sector. The unique challenge posed to SMEs by cyber threats is that while the negative consequences of digital risks are just as damaging for the SMEs as they are for larger industries, the former’s ability to counter these threats is not at par with the latter, owing to the limited nature of resources at their disposal. The rapid development of emerging technologies like artificial intelligence makes it easier for malicious actors to develop bots, deepfakes, or other forms of manipulated content that can steer customers away from small businesses and the consequences can be devastating. 

Misinformation is the sharing of inaccurate and misleading information, and the act can be both deliberate and unintentional. Malicious actors can use fake reviews, rumours, or false images to promote negative content or create backlash against a business’ brand and reputation. For a fledgling or growing enterprise, its credibility is a critical asset and any threat to the same is as much a cause for concern as any other operational hindrance. 

Relationship Building to Counter Misinformation

We live in a world that is dominated by brands. A brand should ideally inspire trust. It is the single most powerful and unifying characteristic that embodies an organisation's culture and values and once well-established, can create incremental value. Businesses report industry rumours where misinformation resulted in the devaluation of a product, sowing mistrust among customers, and negatively impacting the companies’ revenue. Mitigating strategies to counter these digital downsides can include implementing greater due diligence and basic cyber hygiene practices, like two-factor or multi-factor authentication, as well as open communication of one’s experiences in the larger professional and business networks. 

The loss of customer trust can be fatal for a business, and for an SME, the access to the scale of digital and other resources required to restore reputations may simply not be a feasible option. Creating your brand story is not just the selling pitch you give to customers and investors, but is also about larger qualitative factors such as your own motivation for starting the enterprise or the emotional connection your audience base enjoys with your organisation. The brand story is a mosaic of multiple tangible and intangible elements that all come together to determine how the brand is perceived by its various stakeholders. Building a compelling and fortified brand story which resonates deeply with people is an important step in developing a robust reputation. It can help innoculate against several degrees of misinformation and malicious attempts and ensure that customers continue to place their faith in the brand despite attempts to hurt this dynamic.

Engaging with the target audience, ie, the customer base is part of an effective marketing tool and misinformation inoculation strategy. SMEs should also continuously assess their strategies, adapt to market changes, and remain agile in their approach to stay competitive and relevant in today's dynamic business environment. These strategies will lead to greater customer engagement through the means of feedback, reviews and surveys which help in building trust and loyalty. Innovative and dynamic customer service engages the target audience and helps in staying in the competition and being relevant.

Crisis Management and Response

Having a crisis management strategy is an important practice for all SMEs and should be mandated for better policy implementation. Businesses need greater due diligence and basic cyber hygiene practices, like two-factor authentication, essential compliances, strong password protocols, transparent disclosure, etc. 

The following steps should form part of a crisis management and response strategy:

• Assessing the damage by identifying the misinformation spread and its impact is the first step.  
• Issuing a response in the form of a public statement by engaging the media should precede legal action. 
• Two levels of communication need to take place in response to a misinformation attack. The first tier is internal, to the employees and it should clarify the implications of the incident and the organisation’s response plan. The other is aimed at customers via direct outreach to clarify the situation and provide accurate information in regard to the matter.  If required the employees can be provided training related to the handling of the customer enquiries regarding the misinformation.
• The digital engagement of the enterprise should be promptly updated and social media platforms and online communications must address the issue and provide clarity and factual information. 
• Immediate action must include a plan to rebuild reputations and trust by ensuring customers of the high quality of products and services. The management should seek customer feedback and show commitment to improving processes and transparency. Sharing positive testimonials and stories of satisfied customers can also help at this stage. 
• Engaging with the community and collaborating with organisations is also an important part of crisis management.

While these steps are for rebuilding and crisis management, further steps also need to be taken:

• Monitoring customer sentiment and gauging the effectiveness of the efforts taken is also necessary. And if required, strategic adjustments can be made in response to the evolving circumstances. 
• Depending on the severity of the impact, management may choose to engage the professional help of PR consultants and crisis management experts to develop comprehensive recovery plans and help navigate the situation.
• A long-term strategy which focuses on building resilience against future attacks is important. Along with this, engaging in transparency and proactive communication with stakeholders is a must.

Legal and Ethical Considerations

SMEs administrators must prioritise ethical market practices and appreciate that SMEs are subject to laws which deal with defamation, intellectual property rights- trademark and copyright infringement in particular, data protection and privacy laws and consumer protection laws. Having the knowledge of these laws and ensuring that there is no infringement upon the rights of other enterprises or their consumers is integral in order to continue engaging in business legally. 

Ethical and transparent business conduct includes clear and honest communication and proactive public redressal mechanisms in the event of misinformation or mistakes. These efforts go a long way towards building trust and accountability. 

Proactive public engagement is an important step in building relationships. SMEs can engage with the community where they conduct their business through outreach programs and social media engagement. Efforts to counter misinformation through public education campaigns that alert customers and other stakeholders about misinformation serve the dual purpose of countering misinformation and creating deep community ties. SME administrators should monitor content and developments in their markets and sectors to ensure that their marketing practices are ethical and not creating or spreading misinformation, be it in the form of active sensationalising of existing content or passive dissemination of misinformation created by others. Fact-checking tools and expert consultations can help address and prevent a myriad of problems and should be incorporated into everyday operations.

Conclusion

Developing strong cybersecurity protocols, practising basic digital hygiene and ensuring regulatory compliances are crucial to ensure that a business not only survives but also thrives. Therefore, a crisis management plan and trust-building along with ethical business and legal practices go a long way in ensuring the future of SMEs.  In today's digital landscape, misinformation is pervasive, and trust has become a cornerstone of successful business operations. It is the bedrock of a resilient and successful SME. By implementing and continuously improving trust-building efforts, businesses can not only navigate the challenges of misinformation but also create lasting value for their customers and stakeholders. Prioritising trust ensures long-term growth and sustainability in an ever-evolving digital landscape.

References 

• https://SME.gov.in/sites/default/files/SME-Strategic-Action-Plan.pdf 
• https://carnegieendowment.org/research/2024/01/countering-disinformation-effectively-an-evidence-based-policy-guide?lang=en 
• https://dcSME.gov.in/Report%20of%20Expert%20Committee%20on%20SMEs%20-%20The%20U%20K%20Sinha%20Committee%20constitutes%20by%20RBI.pdf 

‍

11th November 2022 CyberPeace Foundation in association with Universal Acceptance has successfully conducted the workshop on Universal Acceptance and Multilingual Internet for the students and faculties of BIT University under CyberPeace Center of Excellence (CCoE).

CyberPeace Foundation has always been engaged towards the aim of spreading awareness regarding the various developments, avenues, opportunities and threats regarding cyberspace. The same has  been the keen principle of the CyberPeace Centre of Excellence setup in collaboration with various esteemed educational institutes. We at CyberPeace Foundation would like to take the collaborations and our efforts to a new height of knowledge and awareness by proposing a workshop on UNIVERSAL ACCEPTANCE AND MULTILINGUAL INTERNET. This workshop was instrumental in providing the academia and research community a wholesome outlook towards the multilingual spectrum of internet including Internationalized domain names and email address Internationalization.

‍Date –11th November 2022

‍Time – 10:00 AM to 12:00 PM

‍Duration – 2 hours

‍Mode - Online

‍Audience – Academia and Research Community

‍Participants Joined- 15

‍Crowd Classification - Engineering students (1st and 4th year, all streams) and Faculties members

‍Organizer : Mr. Harish Chowdhary : UA Ambassador

‍Moderator: Ms. Pooja Tomar, Project coordinator cum trainer

‍Speakers - Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG)and

‍Mr. Mahesh D Kulkarni Director, Evaris Systems and Former Senior Director, CDAC, Government of India,First session was delivered by Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG) “Universal Acceptance( UA) and why UA matters?”

• What is universal acceptance?
• UA is cornerstone to a digitally inclusive internet by ensuring all domain names and email addresses in all languages, script and character length.
• Achieving UA ensures that every person has the ability to navigate the internet.
• Different UA issues were also discussed and explained.
• Tagated systems by the UA and implication were discussed in detail.

Second session was delivered by Mr. Mahesh D Kulkarni, ES Director Evaris on the topic of “IDNs in Indian languages perspective- challenges and solutions”.

• The multilingual diversity of India was focused on and its impact.
• Most students were not aware of what Unicode, IDNS is and their usage.
• Students were briefed by giving real time examples on IDN, Domain name implementation using local language.
• In depth knowledge of and practical exposure of Universal Acceptance and Multilingual Internet has been served to the students.
• Tools and Resources for Domain Name and Domain Languages were explained.
• Languages nuances of Multilingual diversity of India explained with real time facts and figures.
• Given the idea of IDN Email,Homograph attack,Homographic variant with proper real time examples.
• Explained about the security threats and IDNA protocols.
• Given the explanation on ABNF.
• Explained the stages of Universal Acceptance.