9TO5MAC.COM
Apple stops signing iOS 18.1.1, blocking downgrade from 18.2

Apple on Thursday stopped signing iOS 18.1.1, preventing users from downgrading to this version of the operating system if their iPhone or iPad is already running a newer version. The move comes a week after the release of iOS 18.2, which introduced significant new features and improvements.

Apple blocks downgrade from iOS 18.2 to iOS 18.1.1

With iOS 18.1.1 no longer being signed, iPhone and iPad users can no longer revert to this version of the operating system. iOS 18.1.1 was released on November 19 and brought some important security patches. iOS 18.2 was released on December 11 and introduced many new features, including Image Playground, Genmoji, ChatGPT integration with Siri, Camera Control enhancements, and Mail Categorization. Of course, the update also includes multiple security patches, including one that prevents malicious apps from accessing private information.

Apple's decision to stop signing iOS 18.1.1 aligns with its commitment to user security. By encouraging users to update to the latest version, Apple aims to protect devices from potential vulnerabilities.

The inability to downgrade affects the jailbreaking community, as reverting to older iOS builds is often utilized for this purpose. While some users may be frustrated by the inability to downgrade, Apple's policy of stopping the signing of older iOS versions is a long-standing practice aimed at maintaining the security of its ecosystem.

Users are strongly advised to update their devices to iOS 18.2 to ensure they have the most recent security patches and feature improvements. This can be done through the Settings app under General > Software Update.

It's worth noting that Apple still lets users running iOS 17 on their devices keep receiving security patches without having to upgrade to iOS 18. However, once you upgrade to iOS 18, it's no longer possible to downgrade to iOS 17 either. If you're running iOS 18.3 beta, you can only downgrade to iOS 18.2.
-
9TO5MAC.COM
ChatGPT for macOS now works with Apple Notes and more third-party apps

OpenAI last month announced a major update to the macOS ChatGPT app, which gained the ability to read on-screen content in certain apps. The company is now rolling out an update that expands support for Apple Notes and even more third-party apps.

What's new in ChatGPT for macOS

According to OpenAI, the latest update of ChatGPT for macOS enables support for even more third-party apps. For instance, it can now read content from Apple Notes, Notion, and Quip. In addition, the list of supported apps now includes BBEdit, Android Studio, AppCode, and many more. Here's the full list of new apps supported by ChatGPT on Mac:

- New IDEs: BBEdit, MatLab, Nova, Script Editor, and TextMate
- VS Code forks: VSCode Insiders, VSCodium, Cursor, and WindSurf
- Jetbrains IDEs: Android Studio, AppCode, CLion, DataGrip, GoLand, IntelliJ IDEA, PHPStorm, PyCharm, RubyMine, RustRover, and WebStorm
- Terminal apps: Prompt and Warp
- Productivity apps: Apple Notes, Notion, and Quip

When the feature was introduced, it only worked with iTerm 2, Terminal, TextEdit, VS Code, and Apple's Xcode. As an example, users can ask ChatGPT to read code from an Xcode project and ask for suggestions on how to improve it without having to manually copy and paste the code into the ChatGPT app. It can even read content from more than one app at the same time, which is very useful for working with developer tools.

For privacy reasons, users can control at any time when and which apps ChatGPT can read. "You have the same controls over how this data is stored or processed as you normally would over anything else in your conversation history," says OpenAI.

Integration with third-party apps is only available to ChatGPT Plus, Pro, Team, Enterprise, and Edu subscribers. There's no word on when (or if) the feature will become available to free ChatGPT users.

You can download the ChatGPT app for macOS from OpenAI's website. It's available for free, while ChatGPT Plus subscribers can sign in and access their full account. It's worth noting that macOS 15.2, which was recently released to the public, lets users interact with ChatGPT directly from Siri.
-
FUTURISM.COM
"Lock Her Up": Trump's Team Is Now Doing the Exact Thing They Screamed About Hillary Clinton Doing

But her emails!

Private E

Remember when Donald Trump called for his opponent Hillary Clinton to be "locked up" for using a private email server to conduct government business? As it turns out, he doesn't seem to be applying the same standard to his own White House.

As Politico reports, officials trying to coordinate with the Trump transition team are raising red flags over their use of private servers and non-government devices, especially after both China and Iran tried to hack Trump and his running mate JD Vance ahead of the election.

According to Michael Daniel, a former White House cybersecurity coordinator during the second Obama administration who now runs his own security nonprofit, those concerns remain salient.

"I can assure you that the transition teams are targets for foreign intelligence collection," Daniel told Politico. "There are a lot of countries out there that want to know: What are the policy plans for the incoming administration?"

Trump's team has, according to the report, conducted an entirely privatized transition. Instead of working with any .gov emails or servers, the transition is instead sending emails associated with the transition47.com, trumpvancetransition.com, and djtfp24.com websites. The Trump transition is also using its own cybersecurity support, Politico notes.

All this, it's worth noting, is exactly what sank Clinton's campaign in 2016 and put Trump in the White House instead.

Ample Attestation

Officials with the outgoing Biden administration have, according to two insiders who spoke to the website, advised their people that they can choose to meet for in-person document exchanges and meetings that could otherwise have been done electronically.

A White House spokesperson told Politico that federal agencies have been reminded that they can choose to "only offer in-person briefings and reading rooms in agency spaces" if they're concerned about security, and that they can require officials with the Trump transition to "attest" their security is up to government snuff.

"Because they don't have official emails, people are really wary to share things," a State Department official told Politico on condition of anonymity. "I'm not going to send sensitive personnel information to some server that lives at Mar-a-Lago while there are so many fears of doxxing and hacking."

"They have to physically come and look at the documents on campus," the official continued, "especially for anything with national security implications."

A spokesperson for the Trump transition, meanwhile, confirmed that the team is conducting all its business on a "transition-managed email server" and insisted that it's using "security and information protections," without specifying what they were.

According to that spox, using private servers eliminates the need for "additional government and bureaucratic oversight," a far cry from the "lock her up" battle cry of yore.
-
FUTURISM.COM
Trump Seems Awfully Touchy About the Impression That He's Taking Orders From Elon Musk

Who's really in control? The President of the United States or his most outspoken financial backer?

Now that multi-hyphenate billionaire Elon Musk's deep pockets got Donald Trump reelected, some tough questions have emerged for the incoming administration.

Trump isn't laughing as Musk continues taking matters into his own hands, often giving the impression that the SpaceX CEO, rather than his septuagenarian pal, is really in charge of the upcoming White House.

Trump spokesperson Karoline Leavitt seemed very touchy today about the suggestion that it's Musk calling the shots.

"As soon as President Trump released his official stance on [efforts to avoid a government shutdown], Republicans on Capitol Hill echoed his point of view," she said. "President Trump is the leader of the Republican Party. Full stop."

Trump has previously issued a jokesy warning to Musk not to undermine his authority too much. But the situation gained new momentum this week when Musk took to X, in a barrage of over 100 posts, to pressure lawmakers to kill a bipartisan spending bill that would avoid an imminent government shutdown.

Though he's been put in charge of a so-called Department of Government Efficiency, which will operate from outside the government and play only an advisory role, to slash the federal budget, Musk isn't an elected politician.

Yet to Democrats and Republicans alike, his repeated calls to torpedo the bill, efforts which have appeared to pay off, made it feel like he was setting the agenda, instead of Trump himself.

"President-elect Musk is really setting down the marker of how he wants to run his administration," former GOP representative Adam Kinzinger joked. "VP Trump better pay attention."

Kinzinger's comments, and many others like it, have clearly struck a nerve, as evidenced by Leavitt's statement.

Unsurprisingly, the torpedoing of the bill had plenty of lawmakers equally furious.

"Democrats and Republicans spent months negotiating a bipartisan agreement to fund our government," said senator Bernie Sanders in a statement. "The richest man on Earth, President Elon Musk, doesn't like it. Will Republicans kiss the ring?"

Nobody really knows how this situation will pan out. Is Trump a "shadow president," operating in the pocket of the world's richest man? What other kinds of change could a furious Musk bring to the US government?

This isn't just a pointless kerfuffle amongst some extremely influential people: Musk's growing influence could have potentially incredibly harmful and destabilizing effects on how the US government is run, affecting the entire country and world.

Meanwhile, Trump loyalists in Congress are holding the line that Musk and Trump have forged a lasting relationship.

"DOGE can only truly be accomplished by reigning in Congress to enact real government efficiency," representative Marjorie Taylor Greene tweeted. "The establishment needs to be shattered just like it was yesterday."
-
FUTURISM.COM
A Quantum Computer Could Crack Bitcoin in Half, Research Finds

Earlier this month, Google announced a brand-new quantum chip dubbed Willow.

The 105-qubit chip (that's double the qubit count of the tech giant's preceding Sycamore chip) completed a computation in under five minutes that would take a modern supercomputer a "mind-boggling" 10 septillion years, the company said.

The news reignited a debate surrounding the security of blockchains, the distributed ledgers that run digital currencies like Bitcoin. Could a future quantum computer break the cryptocurrency's encryption, allowing thieves to abscond with unfathomable sums?

As Fortune reports, researchers at the University of Kent found in a yet-to-be-peer-reviewed study that the risk is very real. In fact, just the downtime required to update the blockchain to protect itself from an encryption-breaking quantum computer could extend to 76 days, and the resulting losses would likely be staggering.

"Bringing your technology down... can be very, very costly, even if it's on for a few minutes or a few hours," coauthor and senior lecturer at the University of Kent Carlos Perez-Delgado told Fortune.

"If I had a large quantum computer right now, I could essentially take over all the Bitcoin," he added. "By tomorrow, I could be reading everybody's email and getting into everybody's computer accounts, and that's just the fact."

But exactly how imminent this threat is remains highly debatable. In an update last week, AllianceBernstein analysts argued that Bitcoin contributors should "start preparing for the quantum future."

However, "any practical threat to Bitcoin seems decades away," the analysts wrote.

Researchers have similarly argued that it would take quantum computers with millions of qubits to break Bitcoin encryption in a single day.

Analysts have also found that SHA-256 encryption, which serves as the security measure protecting Bitcoin miners today, could eventually be cracked, albeit with quantum hardware that hasn't even been dreamed up yet.

On a broader scale, apart from cracking cryptocurrencies, Google's latest quantum chip also falls woefully short of doing anything actually useful as of right now.

"The particular calculation in question is to produce a random distribution," German physicist and science communicator Sabine Hossenfelder tweeted in response to Google's recent announcement. "The result of this calculation has no practical use."

In short, while many agree that quantum computers could pose a growing threat to the cryptography behind Bitcoin, the cryptocurrency community could still have plenty of time to implement changes to protect the blockchain.

Which is easier said than done. As Fortune points out, Bitcoin's decentralized nature could make pushing an encryption update an immense task.

But that doesn't mean the cryptocurrency shouldn't do it. In an October blog post, Vitalik Buterin, the cofounder of the prominent cryptocurrency Ethereum, argued that advancing quantum computing tech could have "consequences across the entire Ethereum roadmap."

"The indisputable fact that nobody can argue is that when we do get there," Perez-Delgado told Fortune, "our current securities, the cybersecurity systems, which includes everything from Bitcoin to email, will be in great danger."
-
THEHACKERNEWS.COM
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Dec 19, 2024 | Ravie Lakshmanan | Supply Chain / Software Security

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.

The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.

"While typosquatting attacks are hardly new, the effort spent by nefarious actors on these two libraries to pass them off as legitimate is noteworthy," Sonatype's Ax Sharma said in an analysis published Wednesday.

"Furthermore, the high download counts for packages like "types-node" are signs that point to both some developers possibly falling for these typosquats, and threat actors artificially inflating these counts to boost the trustworthiness of their malicious components."

The npm listing for @typescript_eslinter/eslint, Sonatype's analysis revealed, points to a phony GitHub repository that was set up by an account named "typescript-eslinter," which was created on November 29, 2024. Present with this package is a file named "prettier.bat."

Another package linked to the same npm/GitHub account is named @typescript_eslinter/prettier. It impersonates a well-known code formatter tool of the same name, but, in reality, is configured to install the fake @typescript_eslinter/eslint library.

The malicious library contains code to drop "prettier.bat" into a temporary directory and add it to the Windows Startup folder so that it's automatically run every time the machine is rebooted.

"Far from being a 'batch' file though, the "prettier.bat" file is actually a Windows executable (.exe) that has previously been flagged as a trojan and dropper on VirusTotal," Sharma said.

On the other hand, the second package, types-node, incorporates code to reach out to a Pastebin URL and fetch scripts that are responsible for running a malicious executable that's deceptively named "npm.exe."

"The case highlights a pressing need for improved supply chain security measures and greater vigilance in monitoring third-party software registry developers," Sharma said.

The development comes as ReversingLabs identified several malicious extensions that were initially detected in the Visual Studio Code (VSCode) Marketplace in October 2024, a month after which one additional package emerged in the npm registry. The package attracted a total of 399 downloads.

The list of rogue VSCode extensions, now removed from the store, is below:

- EVM.Blockchain-Toolkit
- VoiceMod.VoiceMod
- ZoomVideoCommunications.Zoom
- ZoomINC.Zoom-Workplace
- Ethereum.SoliditySupport
- ZoomWorkspace.Zoom
- ethereumorg.Solidity-Language-for-Ethereum
- VitalikButerin.Solidity-Ethereum
- SolidityFoundation.Solidity-Ethereum
- EthereumFoundation.Solidity-Language-for-Ethereum
- SOLIDITY.Solidity-Language
- GavinWood.SolidityLang
- EthereumFoundation.Solidity-for-Ethereum-Language

"The campaign started with targeting of the crypto community, but by the end of October, extensions published were mostly impersonating the Zoom application," ReversingLabs researcher Lucija Valentić said. "And each malicious extension published was more sophisticated than the last."

All the extensions as well as the npm package have been found to include obfuscated JavaScript code, acting as a downloader for a second-stage payload from a remote server. The exact nature of the payload is currently not known.

The findings once again emphasize the need to exercise caution when downloading tools and libraries from open-source systems and to avoid introducing malicious code as a dependency in a larger project.

"The possibility of installing plugins and extending functionality of IDEs makes them very attractive targets for malicious actors," Valentić said. "VSCode extensions are often overlooked as a security risk when installing in an IDE, but the compromise of an IDE can be a landing point for further compromise of the development cycle in the enterprise."
-
THEHACKERNEWS.COM
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Dec 19, 2024 | Ravie Lakshmanan | Malware / Botnet

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware.

The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.

"These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network," it said. "The impacted systems were all using default passwords."

Mirai, whose source code was leaked in 2016, has spawned several variants over the years. The malware is capable of scanning for known vulnerabilities as well as default credentials to infiltrate devices and enlist them into a botnet for mounting distributed denial-of-service (DDoS) attacks.

To mitigate such threats, organizations are recommended to change their passwords with immediate effect to strong, unique ones (if not already), periodically audit access logs for signs of suspicious activity, use firewalls to block unauthorized access, and keep software up-to-date.

Some of the indicators associated with Mirai attacks include unusual port scanning, frequent SSH login attempts indicating brute-force attacks, increased outbound traffic volume to unexpected IP addresses, random reboots, and connections from known malicious IP addresses.

"If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device," the company said.

The development comes as the AhnLab Security Intelligence Center (ASEC) revealed that poorly managed Linux servers, particularly publicly exposed SSH services, are being targeted by a previously undocumented DDoS malware family dubbed cShell.

"cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks," ASEC said.
-
THEHACKERNEWS.COM
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Dec 19, 2024 | Ravie Lakshmanan | Vulnerability / Network Security

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information.

The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.

"A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the company said in an alert released Wednesday.

However, according to a description of the security flaw in the NIST's National Vulnerability Database (NVD), the path traversal vulnerability could also be exploited by an attacker to "execute unauthorized code or commands via specially crafted web requests."

The flaw impacts the following versions of the product:

- FortiWLM versions 8.6.0 through 8.6.5 (Fixed in 8.6.6 or above)
- FortiWLM versions 8.5.0 through 8.5.4 (Fixed in 8.5.5 or above)

The company credited Horizon3.ai security researcher Zach Hanley for discovering and reporting the shortcoming. It's worth mentioning here that CVE-2023-34990 refers to the "unauthenticated limited file read vulnerability" the cybersecurity company revealed back in March as part of a broader set of six flaws in FortiWLM.

"This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint," Hanley said at the time.

"This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system."

A successful exploitation of CVE-2023-34990 could allow the threat actor to read FortiWLM log files and get hold of the session ID of a user and login, thereby allowing them to exploit authenticated endpoints as well.

To make matters worse, the attackers could take advantage of the fact that the web session IDs are static between user sessions to hijack them and gain administrative permissions to the appliance.

That's not all. An attacker could also combine CVE-2023-34990 with CVE-2023-48782 (CVSS score: 8.8), an authenticated command injection flaw that has also been fixed in FortiWLM 8.6.6, to obtain remote code execution in the context of root.

Also patched by Fortinet is a high-severity operating system command injection vulnerability in FortiManager that may allow an authenticated remote attacker to execute unauthorized code via FGFM-crafted requests.

The vulnerability (CVE-2024-48889, CVSS score: 7.2) has been addressed in the below versions:

- FortiManager 7.6.0 (Fixed in 7.6.1 or above)
- FortiManager versions 7.4.0 through 7.4.4 (Fixed in 7.4.5 or above)
- FortiManager Cloud versions 7.4.1 through 7.4.4 (Fixed in 7.4.5 or above)
- FortiManager versions 7.2.3 through 7.2.7 (Fixed in 7.2.8 or above)
- FortiManager Cloud versions 7.2.1 through 7.2.7 (Fixed in 7.2.8 or above)
- FortiManager versions 7.0.5 through 7.0.12 (Fixed in 7.0.13 or above)
- FortiManager Cloud versions 7.0.1 through 7.0.12 (Fixed in 7.0.13 or above)
- FortiManager versions 6.4.10 through 6.4.14 (Fixed in 6.4.15 or above)

Fortinet also noted that a number of older models, 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E, are affected by CVE-2024-48889 provided the "fmg-status" is enabled.

With Fortinet devices becoming an attack magnet for threat actors, it's essential that users keep their instances up-to-date to safeguard against potential threats.
-
WWW.INFORMATIONWEEK.COM
Ransomware Attack on Rhode Island Highlights Risk to Government

On Dec. 5, a warning from vendor Deloitte alerted the state government of Rhode Island that RIBridges, its online social services portal, was the potential target of a cyberattack. By Dec. 10, Deloitte confirmed the breach. On Dec. 13, Rhode Island instructed Deloitte to shut down the portal due to the presence of malicious code, according to an alert published by the state government.

Brain Cipher, the group claiming responsibility, is threatening to release the sensitive data stolen in the attack, potentially impacting hundreds of thousands of people, according to The New York Times.

State and local government entities, such as RIBridges, are popular targets for ransomware gangs. They are repositories of valuable data, provide essential services, and are often under-resourced. What do we know about this attack so far and the ongoing cyber risks state and local governments face?

The Brain Cipher Attack

RIBridges manages many of Rhode Island's public benefits programs, such as the Supplemental Nutrition Assistance Program (SNAP), Medicaid, and health insurance purchased on the state's marketplace. Deloitte manages the system and Brain Cipher claims to have attacked Deloitte, BleepingComputer reports.

"We are aware of the claims by the threat actor. Our investigation indicates that the allegations relate to a single client's system, which sits outside of the Deloitte network. No Deloitte systems have been impacted," according to an emailed statement from Deloitte.

The information involved in the breach could include names, addresses, dates of birth and Social Security numbers, as well as certain banking information, according to the RIBridges alert.

Rhode Island Governor Daniel McKee (D) issued a public service announcement urging the state's residents to protect their personal information in the wake of the breach.

"Based on the information that's being put out there by the governor about the steps you can take to minimize the fallout of this, that tells me that they're unlikely to be paying the ransom," says Truman Kain, senior product researcher at managed cybersecurity platform Huntress.

Brain Cipher appears to be a relatively new ransomware gang. "We've tracked five confirmed attacks so far, including this one. Two others have been on government entities as well: one in Indonesia and one in France," Rebecca Moody, head of data research at Comparitech, a tech research website, tells InformationWeek.

In June, the ransomware group hit Indonesia's national data center. It demanded an $8 million ransom, which it ultimately did not receive. In August, it posted Réunion des Musées Nationaux (RMN), a public cultural organization in France, to its data leak site, alleging the theft of 300GB of data, according to Comparitech.

In addition to these confirmed attacks, there are 19 unconfirmed attacks potentially linked to Brain Cipher, according to Moody. It is unclear how much the group may have collected in ransoms thus far.

"It's always really difficult to know when people have paid because, obviously, if they pay they [threat groups] shouldn't really add them to the data leak site, and obviously, companies are very reluctant to tell you if they've paid a ransom because they think it leaves them open to future attack," says Moody.

Ransomware Attacks on Government

Government remains a popular target for threat actors. "They are vulnerable because they are a key service for people, and they can't afford downtime," says Moody. "It is one of the sectors that we've seen a consistently high number of attacks."

Between 2018 and December 2023, a total of 423 ransomware attacks on US government entities resulted in an estimated $860.3 million in downtime, according to Comparitech. For 2024, Comparitech tracked 82 ransomware attacks on US government agencies, up from 79 last year.

Of the 270 respondents in the state and local government sector included in The State of Ransomware in State and Local Government 2024 report from Sophos, just 20% paid the initial ransom demand. States such as Florida, North Carolina, and Tennessee have legislation limiting or even prohibiting public entities from paying ransom demands.

That doesn't necessarily mean threat actors will avoid targeting government entities. Even if a threat group cannot successfully extort a victim, it can still sell stolen data to the highest bidder. "Ransoms are probably higher than what they would get for leaking the data. It depends on how much data is stolen though and the value of that data," says Moody.

Regardless of whether a government agency pays when hit with ransomware, it still must deal with the disruption and fallout.

While cybersecurity threats to local and state governments are highly publicized, funding continues to be a stumbling block. Just 36% of local IT executives report that they have adequate budget to support cybersecurity initiatives, according to the 2023 Local Government Cybersecurity National Survey from Public Technology Institute.

While budgets may be limited, cybersecurity cannot be ignored, Kain argues.

"I think it's kind of an excuse for state and local governments to say, 'Oh, well we just don't have the budget.' So, cybersecurity is an afterthought," he says. "Things should really start from a cybersecurity perspective, especially when you're dealing with sensitive data like this."

State and local government agencies can focus on cybersecurity basics, like enabling multi-factor authentication, regular security awareness training for staff, and vulnerability patching. "It's those key things that don't necessarily cost a lot," says Moody. "Also [be] prepared for the inevitable because no one's immune to them [attacks]."