
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




Trick Bot is back, still on the loose

Hi all, Trick Bot, another one of these notorious havocs, is back. According to “Trickbot Watch: Arrival via Redirection URL in Spam,” we’re not out of the woods yet. With the amount of spam that is out there, we really need to be on our guard. We can’t let up just because of the fact that it’s safe to open. As I find other articles that I can talk about here on the blog, we must continue to be on guard for things that we may not be expecting and slow down a bit. Here’s just one section of the article.

Defending against Trickbot: Trend Micro recommendations and solutions

Trickbot has seen developments beyond that of a typical banking trojan, and updates to it aren’t likely to go away anytime soon. For instance, it has also been found being delivered as a payload by attacks like those of Emotet. Cybercriminals that take advantage of Trickbot primarily use phishing techniques that trick users into downloading attachments and visiting malicious sites that steal their credentials.

Users and enterprises can protect themselves by following these best practices against spam and other phishing techniques:

• Be wary of telltale signs of spam such as suspicious sender addresses and glaring grammatical errors.
• Refrain from opening email attachments from unverified sources.
• Keep comprehensive logs of what happens within the network, which allows IT personnel to track suspicious activities like traffic from malicious URLs.
• Monitor the network for potential threats, which can help an organization to identify malicious activities that traditional security solutions might not be able to detect.

Users and enterprises can also benefit from protection that uses a multilayered approach against risks brought by threats like Trickbot. We recommend employing endpoint application control that reduces attack exposure by ensuring only files, documents, and updates associated with whitelisted applications and sites can be installed, downloaded, and viewed. Endpoint solutions powered by XGen™ security such as Trend Micro™ Security, Trend Micro™ Smart Protection Suites, Trend Micro Worry-Free™ Business Security, and Trend Micro Network Defense can detect malicious files and URLs and protect users’ systems.

To get the proper formatting, please view the full HTML article, but I give this section to give you the idea of how bad this is. As Security Now has said, it only gets worse, right? Please leave those thoughts.


CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner

When I initially read this article, I was wondering how I could convey the information on how dangerous this bug is. I really can’t, because it is so complex. “CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner” is the article, and it goes into detail on how it works, what’s involved, and how to protect yourself. This bug basically takes certificate files, which you get when going to secure sites, and makes havoc out of them. I would check out the article to get the details on this one.


a little late, but very interesting news about Baltimore County

I don’t know if I’ve covered Baltimore County’s ransomware attack, or lack thereof. They weren’t even sure what happened. According to a report on Krebs on Security, this story is quite interesting. The good news is there are no Eternal Blue processes in whatever they got hit with. “Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware” is the article, and it also was a great read.


What to do if your email gets hacked

Hi all, I recently read an article about 5 signs that email gets hacked. They advise on what we should do in this article. I tried to help someone in a similar situation about one account on a domain I host here on the network, and I asked if the email was sent from our server and showed them how to check the sent items. That’s one thing we can do. LastPass has a bunch of other stuff we can try, so “5 Signs Your Email Was Hacked – and What to Do About It” is the article.

I hope you enjoy it as much as I have reading it.


Here’s something to ponder: Should User Passwords Expire? Microsoft Ends its Policy

Here’s an article entitled “Should User Passwords Expire? Microsoft Ends its Policy,” and it really makes you think. Here’s what I’m talking about under the heading “Password Requirements Misused,” which talks about the misuse of what might be a bad practice.

It’s time to create a new password. Your system requires the password to be eight characters long, use one special character, and at least one number.
So what does the user put in place? Software Engineer Joshua Temple says it comes down to users going the easy route:

“Users don’t understand the concept of a secure password – if you can remember it, it isn’t secure. Most websites say ‘Must use one capital letter, special
character and a number, and be eight characters long and do a little jingle’, which then, typical user uses Somewords1234! instead of 71bzcWcN^BJ91*uMO”

Temple suggests that if a user falls into the above category, it is a safe assumption they do not subscribe to the concept of two factor authentication,
and even worse, there is a high likelihood this individual is reusing said poor practices across multiple services. So, even if on the off chance they
use a different password for a sensitive account, in some shape or form, it is associated to a poorly secured account. One breach of an account owned by
this ‘type’ of user, leads to a waterfall of compromised services. Changing passwords on a routine basis is a great practice, but it is only as secure
of a practice as the password itself.

This is a lot to think about, correct? I try not to use the same passwords, even if I generate them myself. I want to remember it and not use LastPass for everything, so I’ve tried to change a combination I can remember and come up with a very interesting pattern. I somehow can’t remember it, and maybe I should get rid of that practice. The heading that got my attention talks about not using your brain. The heading is: “Stop Using Your Brain” within the article.

For most organizations there is a balance between ease of use and security, a hypothetical seesaw, which takes us to our final point of view, our IT lead,
Shelby Baylis. While users may want to fly through logins and have everything easily accessible, organizations need to decide which end of the seesaw should
hold the most weight. For a company like ours, Baylis posits that our organization should always tip on the side of stronger security.

Because of this, Baylis feels that means regardless of Microsoft’s shift in policy, that organizations should still use time-based prompts to force users
to reset their passwords.

“Many will assume that a complex, memorable password is preferable to a regular interval. The solution is neither. Stop using your brains to create a password.
Use a password manager whether it is a local one like KeePass or a cloud-based one like LastPass. Let them generate a 20+ character password for you and
you just rely on your brain to change your master password on a regular basis.”

This is sound advice from someone who has to put up with actual users in a highly secure environment. Of course our other engineer still holds a valid
point regarding mass adoption from consumers, that enterprise organizations should draw a line in the sand and enforce whatever policy makes the most sense
for their needs.

“A regular interval for a password change is important because if your account is ever compromised in a breach and we hear about it until after the fact,
which is the case for most breaches, it is of no consequence because that password expired oodles ago since we have a password expiration policy. Stop
trying to use your brain on generating passwords. Use the password manager and its built in generator,” said Baylis.

They aren’t wrong. Now is the time that it is too dangerous for us as individuals to use our brains. They’ve got great things in this article, and I’ve only quoted two sections. I’m saddened that we really need to do this, as trying to find patterns we can remember should be a lot easier. It is time for us to stop this practice, and it should be changed, and it’s something I’ll continue to fix in my password practice.

One thing I tried to do was a passphrase. If my passphrase said: “Rusty is a good dog” I tried to make it secure by changing characters and even went so far as to put in a number like 1987. Of course, this might end up working if it is something you can remember, but I put this phrase as a note for one of my accounts, and last I knew I couldn’t get in to the thing as I had two of these types of phrases. I’m wondering if it is time to give this up and just use a manager such as LastPass, Trend Micro, KeePass, 1Password, or another not known to me or not mentioned? It’s something we must think about, and we need to think about it really soon. Thoughts are welcome.


New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices

Here’s an article about our favorite aspect of our lives, Mirai. It’s up to some very new dangerous tricks. I think this is the most dangerous piece of malware out there. I just can’t imagine the type of things it can do nowadays, and the article goes into great detail on the latest happenings.

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices


Microsoft patches, we should too

Hi all,

I’ve not done one of these posts in a while. Krebs on Security is one source where you can get information about the patches. Trend Micro is another source where you can go to read.

I’m sure that we’ll be updated over all too, as it sometimes can take time to push the updates out to everyone. Be on the lookout!


WWDC, IOS, Mac, and More

Hello all,

WWDC was on June 3rd, and AppleVis has several posts in which there is coverage in regards to the Mac, iOS, the watch, and even some accessibility news in regards to these platforms.

I got a chance to review the WWDC post, and some of the accessibility post for myself. For those who don’t know about these posts, I’ll supply the links.

One user who talked about WWDC with me indicated that they watched it. I did not, but I read the majority of these posts I’m linking. The podcast links to an audio file which is podcast 1242 in the series. The articles are broken in to headings where appropriate.

Did you watch WWDC and if so, what did you think? One person said it was a waste of their 2 hours of time it took to watch it. I personally didn’t see it, so I’ve got no comment. Let me know in the comments.


Dropbox increasing space, raising the price

Hello folks,

I saw an official-looking email this morning that indicated some changes to the Dropbox Plus service that we are paying for.

• Double your storage —save everything with 2 TB (2,000 GB).
• World-class sync technology —move out-of-date files off your computer’s hard drive and to the cloud with Dropbox Smart Sync.
• Dropbox Rewind —roll back accidental changes to any folder, or your entire account, up to 30 days.

This is all for just $2.00 more a month. Or you can always save by switching from monthly to yearly billing.

This is great news. I will see what the rewind feature is; that could come in handy, I think. I can confirm that I have been increased, as I launched Dropbox, and it did say that my space was increased.

Go to the Dropbox plans page to learn more about their various plans and feature set.


In The Future, Will Your Kids Be Able To Sue You For Oversharing Online?

This article is quite lengthy, but well worth the read. I saw it on Twitter today, and it’s a great read. It has several sides of a particular predicament that parents get into, and that is the sharing of their children’s lives. Some parents share everything, others share little or none. I think that the parent needs to decide if it is something they want to do. According to the article, a French child was able to say something that got their parent into trouble, but yet, no successful case in the U.S. has come to the courts in regards to children versus child. Will it happen? Maybe. How should we teach parents to make the right choice on what they share?

In The Future, Will Your Kids Be Able To Sue You For Oversharing Online?


Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images

OK, here we go. This ought to get interesting. This is strange.

The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.

Source: Bug Allows HIPAA-Protected Malware to Hide Behind Medical Images


Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years – Motherboard

This is quite interesting. I’m looking at Twitter and found this. I never knew who was behind the 2nd part of the Silk Road, but knew there was a second version of it. Very interesting.

Source: Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years – Motherboard


51 Critical Cyber Bullying Statistics in 2019

On the 12th of March, someone contacted me to share an article with this blog entitled 51 Critical Cyber Bullying Statistics in 2019 and there are a lot of things in there.

Cyberbullying is now defined as online or offline methods of harassment, whereby technology such as SMS and social media is used.

There are a lot of things in this article that jump out at me; however, the biggest thing to jump out at me is the fact that this problem is not going away any time soon, and children and adults have had this done to them.

As I discussed in an earlier post, I believe that my deletion off of one of the chat lines was a bullish move, but yet, the company behind the telephone line chooses to have someone that does this behavior to run it. All of that is their choice, and my participation is not wanted there.

That’s OK, we’ll just have to outsource elsewhere, and I’ve found that place.

I suggest each and every one of you look at this, and please feel free to share it.


Patch Tuesday is come and gone, are you patched to the best of your ability?

Are you patched to the best of your ability? Articles around the web talk about Patch Tuesday in different ways.

I recently went through a reboot to clear up some issues, and I noticed it wanted to update so I let it do it. It took two reboots for it, so let it do its thing.

Cyberscoop also had an article of interest, you can go to their site to see if there is something of interest besides that article.


Equifax is at it again, bad security gone wrong?

OK, so we all know that Equifax had a very big breach. We probably are finding out that it is more targeted than we think, as none of the data is in the underground. We also know that they’re scrambling to get this right because they screwed up. However, I have a very bad feeling, and I read “MyEquifax.com Bypasses Credit Freeze PIN,” and this is not good. They can’t verify you based on info you provide, they don’t ask for the PIN which is required once a freeze is put in place, and it’s just all bad.

Brian does a great job covering this, and I put my thoughts on board 295 on Live Wire, but I also will cover this on the next podcast. This can’t start the year right for the company, can it?


Thousands of Arizonans hit in Medicaid agency’s data breach

OK, here we go. If you’re in Arizona, please at least read this short article. It is important for you to do so if you receive Medicaid from the state. I found this today on Twitter, and I feel that we should pass this along to people who are in this state.

Thousands of Arizonans were affected by a data breach earlier this year that targeted the state’s Medicaid agency, it was announced Monday. 

Source: Thousands of Arizonans hit in Medicaid agency’s data breach


Senate panel accuses Equifax of neglecting cybersecurity ahead of 2017 breach

You ought to be kidding me, right? 8500 vulnerabilities that weren’t patched in 90 days? Holy crap.

An institutional neglect toward cybersecurity contributed to the massive 2017 data breach at Equifax that compromised sensitive information for

Source: Senate panel accuses Equifax of neglecting cybersecurity ahead of 2017 breach


Trends from 2018, what can we learn?

This is an article I definitely want to talk about. It is entitled “A Look Back at the 2018 Security Landscape,” and it has some very interesting things in here.

Phishing has gone up 269 percent. That is a huge jump, and I have a hunch that it won’t get any better, will it?

Social engineering has also been on cybercriminals’ minds, as they are using fraudulent addresses to get at their victims.

The good news is that ransomware is declining, but it is still an issue for companies. I predicted that this was going to be a continuing increase, and I’m glad I’m wrong on this.

To take its place, business email compromise is on the rise, and that may be the upcoming trend this year. This could be just as bad as the ransomware that was once so common.

The program vulnerability landscape is also increasing. I don’t remember the final number Steve mentioned in one of the final Security Now episodes of 2018, but it was in the thousands for the CVE index. Trend Micro’s zero day program will continue to be busy, as well as other bug bounty programs.

Is there anything else that they missed that you noticed? I’m curious what you think. Thanks for reading!


BEC is back, should we blame the employee?

I recently read this article entitled “Don’t Blame Employees who fall for a BEC scam!” and it is an article by Trend Micro. They have some great points, one of which is education. How are your average non-technical people to understand what to look for if they don’t know? While common sense is at play, we can’t fault them when they are in a hurry and think that it looks legit. We must train on the signs of what looks real and what looks fake. The fakes always have some sort of mistakes in their message, and they definitely don’t have the words of the domain in the address, or within their URLs if they do have links to log in somewhere.

Have you had any signs of this before? What did you do?


Think of satellites as big, vulnerable IoT devices, researcher says

When I read the article entitled “Think of satellites as big, vulnerable IoT devices, researcher says,” I really had to sit and think about this a bit. I didn’t even think when I read this article that satellites were even connected to the Internet. It would make sense seeing that we have the International Space Station, and they can do work on it unmanned. This is something that can definitely be thought about. CyberScoop did a great job on this article.

