go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu



Security Now, podcasts 701-704

Here are the announcements about podcasts 701-704 of one of my favorite podcasts Security Now.

RSS here

Security Now (MP3)

Subscribe to this podcast using
Live Bookmarks
 Always use Live Bookmarks to subscribe to podcasts.
Subscribe Now
Go to Security Now (Audio)

Security Now (MP3)
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics
in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 21:30 UTC.

Comments Off on Security Now, podcasts 701-704

Time change

Hello,

The blog has been updated with the correct time as we just changed time in the united States.

Comments Off on Time change

Trends from 2018, what can we learn?

This is an article i definitely want to talk about. It is entitled A Look Back at the 2018 Security Landscape and it has some very interesting things in here.

Phishing has gone up 269 percent. That is a huge jump, and I have a hunch that it won’t get any better, will it?

Social engineering has also been in cybercriminals minds as they are using fraudulent addresses to get at their victims.

The good news is that Ransomwhere is declining, but it is still an issue for companies. I predicted that this was going to be a continuing increase, and I’m glad I’m wrong on this.

To take its place, buisness email compromise is on the rise, and that may be the upcoming trend this year. This could be just as bad as the ransomware that was once so common.

The program vulnerability landscape is also increasing. I don’t remember what the final number Steve mentioned in one of the final security now’s of 2018, but it was in the thousands for the CVE index. Trend Micro’s zero day program will continue to be busy as well as other bug bounty programs.

Is there anything else that they missed that yoou noticed? I’m curious on what you think. Thanks for reading!

Comments Off on Trends from 2018, what can we learn?

BEC is back, should we blame the employee?

I recently read this article entitled Don’t Blame Employees who fall for a BEC scam! and it is an article by Trend Micro. They have some great points, one of which is education. How are your average non-technical people to understand what to look for if they don’t know? While common sense is at play, we can’t fault them when they are in a hurry and think that it looks legit. We must train on the signs on what looks real and what looks fake. The fakes always have some sort of mistakes in its message, and it definitely doesn’t have the words of the domain, in the address, or within its URL’s if it does have links to log in somewhere.

Have you had any signs of this before? What did you do?

Comments Off on BEC is back, should we blame the employee?

Technology podcast 307 is now out

Tech podcast 307 is now out on the RSS feed. I’ll be updating mixcloud later.

Braille Transcription
Philmore Productions
News notes

These are the items that are in the podcast. Enjoy!

Comments Off on Technology podcast 307 is now out

Think of satellites as big, vulnerable IoT devices, researcher says

When I read the article entitled Think of satellites as big, vulnerable IoT devices, researcher says I really had to sit and think about this a bit. I didn’t even think when I read this article that satelites were even connected to the Internet. It would make sense seeing that we have the international space station, and they can do work on it unmanned. This is something that can definitely be thought about, CyberScoop did a great job on this article.

Comments Off on Think of satellites as big, vulnerable IoT devices, researcher says

Here’s some great news: 20-year-old pleads guilty to DDoS-for-hire scheme that netted $550,000

Hello everyone,

Its time for some good news. 20-year-old pleads guilty to DDoS-for-hire scheme that netted $550,000 is the latest in the good news department. I’m very happy to see this, now lets see if the sentence will teach them how to not use services for evail, and thoughts are welcome.

Comments Off on Here’s some great news: 20-year-old pleads guilty to DDoS-for-hire scheme that netted $550,000

These scammers claim to have videos of your most private moments

I believe I’ve covered this from time to time, but in an article These scammers claim to have videos of your most private moments and I think I’ve covered this in other articles.

The article talks about how they’ll tell you that they have pictures and videos of you doing certain things, and want you to pay up or get exposed. As I’ve stated before, this particular deal has some tell tail signs.

  • Do you have a camera?
  • If you do, at the time of the email, were you doing something with that camera?
  • Do you know if your camera is patched with the most up to date software that you were aware of?
  • Do you know if there is a way for the camera to auto shut off, and do you know if it can be viewed from the outside?

I’d be asking questions, and as I said, the emails I’ve gotten were latenight, when I was in bed. Growl!

Please check the article for ideas on what else you can do. I bet there are some ideas that I haven’t covered.

Comments Off on These scammers claim to have videos of your most private moments

What has been read as of late

Hello all,

Its been a long time since I’ve posted articles, and I really thought it would be good to post on some of what I’ve read that might be of interest to you.

This isn’t an exhaustive list, and of course I’m well behind, so some may be old. For that, I’m truly sorry about that, but I really need to get reading by the looks of it.

There has been lots of talk about the DNS infrustructure in an article entitled A Deep Dive on the Recent Widespread DNS Hijacking Attacks which was penned by Brian Krebs on the 18th of February. This article, while late, is probably still timely to read, because I have a hunch that this will not be going away any time soon. This may be the future of attacks coming soon, after all other methods have been exhausted.

I don’t see a lot of Mac news, but I did see this one from Trend Micro. They have lead the way in making sure people are protected, but I’m honestly not sure about the accessibility of their Mac product. I haven’t used the windows product as of late, but MSE is all the blind are recommended to use. Trend Micro Antivirus for Mac 2019 is Certified by AV-TEST with Top Scores for Protection, Performance, and Usability is the article in question. A mac user? Blind or disabled? Tried it? How have you faired with it?

Blind Eagle, a new APT group, poses as Colombia’s Cyber Police to steal business secrets posted on cyberscoop, really did something for me, and I still want to talk about this one on the podcast. What really set this apart for me was the following short paragraph.

The most recent attack outlined in the research occurred on Feb. 14. The phishing email appeared to come from the Colombian National Civil Registry, and
was aimed at the National Institute for the Blind.

Why in the world would anyone want to go after a blindness institution? What did the institute do to the group to cause them to go after them? Blindness related agencies do not have the money to be able to defend from you, because they don’t make a whole lot. No wonder it is called blind eagle. Wow!

Next, the health industry has continued to take a hit with an article I saw and intend to talk about as well. U. of Washington Medicine learned it exposed info on 974k people after a patient found their data on Google was penned on CyberScoop and this can’t be good. Seems like this is an ongoing trend, and now the info is out on a search engine.

In the good news department: Russian hacker accused of creating NeverQuest malware pleads guilty and Third suspect in Methbot, 3ve case to plead not guilty after extradition from Malaysia have been published on Cyberscoop and a step forward. We also have Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison posted to Krebs. Great news and again, a step forward. I love to see such stories.

Finally, we continue to see breaches, and I think if nothing else in the bad news department: Payroll Provider Gives Extortionists a Payday was posted to Krebs. Guess the payroll provider really wants to pay, don’t they?

I don’t want to post every single item, this post could get lengthy, but this is just some what I’ve read as of late. Anything from here catch your eye? Let me know!

Comments Off on What has been read as of late

The technology podcast, podcast 306

Hi all, I’ve neglected to let you know on the blog about podcast 306’s publication. Its up on the RSS feed and livewire/ground zero for those on there.


On this podcast, we’ve got braille transcription, talk on articles of varying degrees, and does anyone have any common sense?


It was posted on the 23rd of February.

I’m usually pretty good at making sure that the blog gets updated, don’t know why I didn’t do this then. Oopse!

Comments Off on The technology podcast, podcast 306

Whose Line Is It? When Voice Phishing Attacks Get Sneaky

The topic of phishing and more specifically voice phishing is not new, but this is clever. I know I’ve not posted to the blog as of late, and I’m back to change that.

Going through twitter, I found this article, and I think it worth the read. Always something new to learn.

Researchers investigate malicious apps designed to intercept calls to legitimate numbers, making voice phishing attacks harder to detect.

Source: Whose Line Is It? When Voice Phishing Attacks Get Sneaky

Comments Off on Whose Line Is It? When Voice Phishing Attacks Get Sneaky

Apple Releases iOS 12.1.4 and Updated Version of macOS Mojave 10.14.3 with Fix for Major FaceTime Bug

This Apple Vis post Apple Releases iOS 12.1.4 and Updated Version of macOS Mojave 10.14.3 with Fix for Major FaceTime Bug posted to Apple Vis is something we all should take an opportunity to read. I’ll be tryng to apply the update over the weekend so that I’m as secure as possible. I want to pass this along.

Comments Off on Apple Releases iOS 12.1.4 and Updated Version of macOS Mojave 10.14.3 with Fix for Major FaceTime Bug

Security Now, podcast 700

SN 700: 700 and Counting!
Tuesday, February 5, 2019, 6:58 PM

Security Now (Audio)

• Chrome gets “spell-check for URLs”
• Catch up on your Linux patch up!
• Performance enhancements for Chrome and FireFox.
• Facebook must really like being in the doghouse.
• The Japanese government takes on IoT security.
• Ubiquity routers are in trouble again.
• Chrome “Never Slow” mode in the works.

Hosts:
Steve Gibson
and
Leo Laporte

Download or subscribe to this show at
https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the
GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.

Sponsors:

• FreshBooks.com/securitynow
• LastPass.com/twit
• securitynow.cachefly.com

Media files
sn0700.mp3
(audio/mpeg, 58.3 MB)
SN RSS >

Comments Off on Security Now, podcast 700

February Ouch newsletter

Sans does a newsletter called Ouch. In February’s issue, they touch on Scams, and one of them talked about in this newsletter I’ve seen multiple copies of. They claim that they hacked my computer, turned on my web cam, and they’d send the video unless I didn’t pay. Problem was, I know i have no web camera on this computer, so good luck with a blank video of whatever you’ve got.

OUCH! Newsletter: Personalized Scams

Comments Off on February Ouch newsletter

The Braille Transcription course to date

Hi all,

I’m going to give you a link which is going to expire in 7 days. This link is to all of the podcast segments to date including one for an upcoming 306. Download the braille transcription segments and give me your thoughts. You can download a complete zip file, or download individual files. Feel free to pass the link along, and lets discuss what could be changed as part of the course for others in my situation.

Comments Off on The Braille Transcription course to date

SN 699: Browser Extension Security

SN 699: Browser Extension Security

Tuesday, January 29, 2019, 7:18 PM

Security Now (Audio)

direct SN download

• The expressive power of the social media friends we keep
• The persistent DNS hijacking campaign which has the US Government quite concerned
• Last week’s iOS and macOS updates (and doubtless another one very soon!)
• A valiant effort to take down malware distribution domains
• Chrome catching up to IE and Firefox with drive-by file downloads
• Two particularly worrisome vulnerabilities in two Cisco router models publicly disclosed last Friday
• The state of the industry and the consequences of extensions to our web browsers.

We invite you to read our
show notes.

Hosts:
Steve Gibson
and
Leo Laporte

Download or subscribe to this show at
https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the
GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.

Sounds like another packed show, and I’m looking forward to it. This should be fun.

Comments Off on SN 699: Browser Extension Security

Tech podcast 305

RSS and mixcloud have the show.


Hello everyone, welcome to podcast 305 of the tech series. On this podcast, I talk about the domain name system in the first segment. There is a very interesting issue that was recently disclosed, however, it isn’t so bad unless you give your credentials out to someone you don’t trust. Alert (AA19-024A) was posted to the blog which links directly to the advisory. Other news articles also talk about this as well as Security Now’s Steve Gibson. Pure Nature and the Ralphs Supermarket app are also demoed. The podcast will last you about an hour and 40 minutes and I hope you enjoy this extended program. Thanks for listening, and make it a great day!

Comments Off on Tech podcast 305

December Ouch! December 2018 Newsletter

Hi all, I know I’m late with this, and I’ve got some time to look at some email. I recently came across the December 2018 Ouch! newsletter. This newsletter is entitled Yes, You Are a Target. This is very interesting, because it talks about how criminals can get at you even though they don’t want you

A lot of what the article here I’ll be linking to talks about common sense. Antivirus isn’t necessarily ruled out, however, it is not going to protect you from every single thing.

OUCH! Newsletter: Yes, You Are a Target

Comments Off on December Ouch! December 2018 Newsletter

Alert (AA19-024A)

AA19024a is from the USCERT in regards to the DNS system and how it can be hijacked without your knowledge. This starts with creds stealing, and then moves on to takeover of the domain. This should be checked out, and steps should be taken where appropriate.

Comments Off on Alert (AA19-024A)

Security Now, podcast 698

SN 698: Which Mobile VPN Client?
Tuesday, January 22, 2019, 6:01 PM

• Which is the right VPN client for Android, and which should you avoid at all costs?
• A very worrisome WiFi bug affecting billions of devices
• Hack a Tesla Model 3 at Pwn2Own
• Russia’s ongoing, failing and flailing efforts to control the Internet
• The return of the Anubis Android banking malware
• Google’s changing policy for phone and SMS App access
• Tim Cook’s note in TIME Magazine
• News of a nice Facebook Ad auditing page
• Another Cisco default password nightmare in widely used lower-end devices

Sounds like this is going to be a packed show. I can’t wait!

RSS for security Now

Download (filemail 60.3mb)

Comments Off on Security Now, podcast 698

« Newer PostsOlder Posts »

go to sections menu


navigation menu

go to sections menu