The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
What do you think when you hear the words heat stroke?
Let me start off this blog post with a question. What do you think when you hear the word heat stroke? According to Wikipedia, “Heat stroke, also known as sun stroke, is a type of severe heat illness that results in a body temperature greater than 40.0 °C (104.0 °F) and confusion.
Other symptoms include red skin, headache, and dizziness. … Heat stroke occurs because of high external temperatures or physical exertion.” That is what I thought about when I saw this article ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information which was posted on the 29th of August on Trend Micro’s Security Intellegance Blog. In this article, Heat Stroke is not two words, its one, and boy does it have nothing to do with the sun.
As I write this blog post, I’ve returned home from an appointment and it was already 84 degrees at 10 am. We have whats called a heat advisory for the area, and its prolonged heat for many hours of the day.
We can take the heat advisory and weather discussion to this blog post, because it is described as a multi-staged attack to get information such as Paypal credentials, Apple credentials, or anything the developers wish to extract from the victim in which gets the message. The name comes from something in their code, and thats how most of these are named. Its facinating that it would be considered heat stroke, because it has legit looking web pages even though it redirects users based on criteria. This is quite interesting, and I found this facinating how the actors behind this don’t deliver it to certain people if certain conditions are met, but yet, the landing pages know this.
What bothers me about this whole reading is the fact the page seems to do nothing until everything is validated. The actors went to great lengths to validate the authentisity of the data, especially credit card data. I would recommend reading the attached article about this threat, and lets make sure we pass this along to our readers and listeners. Thanks for listening!
Comments (0)
What Capital One’s breach can teach us about access management in the cloud
I recently saw an article What Capital One’s breach can teach us about access management in the cloud and it is a very delicate situation. There are different things at play here, and its going to get interesting as this case moves forward. This is a video which I must have missed. Thoughts on this video? Just watching it as I produce this article post for the blog is quite interesting.
Comments (0)
Teenager gets caught hacking musician accounts
Teenager arrested in UK for allegedly hacking ‘world-famous’ musicians is the article that I spotted today by Cyberscoop staff. According to the article, this guy got caught after he ellegedly hacked in to musicians accounts of various kinds.
A 19-year-old man has been arrested for allegedly hacking the websites and “cloud-based accounts” of “world-famous” musicians, stealing their unreleased
work, and selling the music for cryptocurrency, U.S. and British authorities announced Friday.The man was arrested in Ipswich, a city in eastern England, after the search of a property there and one in North London, according to an announcement
from the Manhattan District Attorney Cyrus R. Vance Jr., and City of London Police Commissioner Ian Dyson.The Manhattan D.A. investigated the incident after being contacted by the musicians’ management companies and worked with the London police ahead of the
arrest, according to the announcement.Authorities did not name the victimized musicians, but City of London officials said they were all American, some of them Grammy-winning, NBC 4 New York reported.
He got access to unreleased material and sold it for bitcoin. Could you imagine if this was someone on the independent artist side? While my internet radio shows now a day deal with strictly independent artists, I definitely don’t want to hack to get the music, I feel that we should share it in a controled environment where they get airplay, as well as us buying it for airplay too. I’ve baught a lot of music, but I also have tried to reach out to see if people would release stuff to the network so they can get exposed to an audience.
One artist wanted me to buy as they didn’t feel comfortable with the aspect of sending it to me, and I complied. I understand their position, and I was happy to buy it. One of the albums got some praise, while others not so much. I definiteluy enjoyed it, but I would never go this far and hack in and steal stuff that isn’t rightly mine. I wonder what would end up happening to him? I guess we’ll find out over time.
If you see anything about this case, I’d love to keep up on it. Let me know what you think of this linked article, and of course it links too to another one as part of the original story. I’ve done the same.
Comments (0)
More great news, another hacker gets caught
According to this article on Cyberscoop: FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew is a great sign that shows that crime does not pay. This is the head of a company, yet, cybercrime can run like an organization like anything else. He is going to be charged in the United States, and he is the first member of this group found to be charged here. This is definitely going to get interesting, thoughts on this one?
This group stole over 15 million credit cards, and remember that we’re not responding to charges we don’t recognize by paying it. We must continue to be dilligent and report charges we don’t recognize.
Lets keep fighting.
Comments (0)
Windows update is out, time to update
Hello folks,
Welcome to another weekend, where we have information dealing on windows update. Patch Tuesday, September 2019 Edition comes from Krebs, and September Patch Tuesday Bears More Remote Desktop Vulnerability Fixes and Two Zero-Days from the intelligence blog at Trend Micro. This is worth reading, and I hope that you do. This is something that we need to pass along, and I am doing just that. Make it a great weekend!
Comments (0)
Latest outages
Hello folks,
We’ve been aware of outages across the network. The provider is aware of it, and it is out of their hands. I am unable to write any more at this time, as its an ongoing investigation. I’m hopeful we’re now stable. Please also welcome our newest contributer and check out the article on Phishing. Very valuable. Thanks again for your support.
Comments (0)
What is Phishing: Learn How to Protect Your Company
Phishing attacks are common security challenges that affect both individuals and companies as they strive to keep their information secure. Cybercriminals execute phishing attacks through email, social media, phone calls, and other forms of communication to steal useful information like passwords, credit card details, and other sensitive information. Businesses are always a worthwhile target for cybercriminals, and it’s important to understand what phishing is to protect yourself.
According to recent statistics, 90 percent of all data breaches can be linked to phishing attacks. It’s surprising that many businesses still don’t understand how to effectively protect themselves from phishing attacks despite the alarming statistics.
With the average cost of a successful phishing attack costing an average of $1.6 million, small and medium-sized businesses should learn how to identify phishing attempts and educate their employees about the risks of such scams.
What is Phishing?
Phishing refers to a cybercrime where the victim is contacted by someone impersonating a respected organization, institution or individual in a bid to lure them to disclose confidential information. It could be a password, personal identification number, or banking details. The information is then used to access target accounts, often leading to huge financial losses. When targeting businesses, phishing attacks can result in the loss of company data, such as revenue figures or tax information.
Traditionally, phishing scams were executed through emails. However, there has been a significant rise in the number of phishing scams carried out through text messages and phone calls. Spear phishing, a personalized kind of phishing attack aimed at a select target, has also been on the rise. It could come in the form of a message ostensibly coming from your bank to update your account information or your employer asking you to sign an important document.
Phishing Scams & Ransomware
Other than getting invaluable confidential information from victims, phishing scams can also be used to execute ransomware on your device. Ransomware is simply a scheme to encrypt data on your device and deny you access to your valuable data. The cybercriminals will then demand a ransom before they can decrypt the files.
According to PhishMe’s 2016 report, 93 percent of all phishing emails contained ransomware. In 2017, the cyber attack on NHS demonstrated how ransomware can bring down even the largest organizations. Ransomware is often spread through email attachments from fraudulent sources. Once you open those attachments, ransomware is directly downloaded to your device. It’s important to learn how to identify phishing scams to stay clear of ransomware attacks.
How to Protect Against Phishing Scams
Most phishing messages can be easily identified as they portray the true intentions of cybercriminals. However, some are well-crafted that just looking at the tell-tale signs may not be adequate. Here are some ways to stay clear of phishing scams;
Use Email filters
Email filters can certainly help to screen malicious emails. Some email providers may have more effective spam and junk mail filters and it’s important to research before you settle on an email service provider. Additionally, you can disable all hyperlinks on email settings if you’re concerned about the dangers of email phishing.
Install Antivirus Software
Always keep your antivirus software up to date to safeguard your business from phishing attacks. The anti-phishing functionality of your antivirus will scan all email attachments and check whether they are malicious or not. Antivirus also protects you from other dangerous threats.
Use a VPN
A Virtual Private Network (VPN) is designed to protect you from threats while browsing the internet, especially when you use a public Wi-Fi connection to access sensitive accounts. An effective VPN will encrypt your data when accessing the internet. However, it’s important to avoid logging into online banking accounts or other sensitive accounts while on unsecured networks.
Summary
Many data breaches can be traced back to phishing attacks. Protect your business effectively from this damaging cybercrime by putting in place the above measures. Ultimately, human error is the biggest risk to the integrity and security of your company’s data. Train your employees on the risks of phishing scams and how they can identify such schemes.
Comments (0)
Cybersecurity: 99% of email attacks rely on victims clicking links
I spotted this article entitled: Cybersecurity: 99% of email attacks rely on victims clicking links today and I think this needs to change. We keep seeing breach after breach, but yet, its the same thing that starts it. We’re not teaching anything, but I’m trying to do my part in educating but I can’t do it alone. Lets discuss this ordeal of the fact that we all click and how we can try to do better. Only time will tell, but education is a start, and not rushing through things is another.
Comments (0)
California highway barrier not repaired before fatal Tesla crash
Can someone explain to me why this was not done? According to this article entitled California highway barrier not repaired before fatal Tesla crash we had some serious problems with things on the highway. I’m not sure about these things they’re talking about, but it was a serious problem. The problem we’ve got is that this can’t go on like this, right? Lets say the things they’re talking about were at cross walks to aid the blind and disabled to cross the street, one on each side of the crosswalk. It wouldn’t be across all lanes because they’re to be there for barrier sake. But if something like it was devised for marking the beginning and ending of the crosswalk, and cars can drive over it when slowed, and it was damaged as cars tend to drive fast, then we’ve got problems, don’t we? Thoughts?
Comments (0)
Why is the DMV ellegedly selling your personal data? This article discusses this
I just found an article on twitter that is just beyond repair. You would think that the department of motor vehicles would have your interest at heart. My goal is not to sell any data, goive it away, or have anything to do with that practice. Accpording to this scaving article DMVs Are Selling Your Data to Private Investigators talks about this scary practice. Someone got killed because they hired someone to get the info and killed them. I’m glad I do not sell any personal information about any customer, member of an organization, or contacts that are personal that I have telephone numbers for. We need to bring this to the spotlight and say that this is enough. When is enough enough? Thoughts?
Comments (0)
Accused Capital One hacker pleads not guilty to all charges
I’ve been thinking about this article entitled Accused Capital One hacker pleads not guilty to all charges which I read and was posted on Sep 5 from Cyberscoop. This woman seemed to me like she was guilty, because of her reaction when arrested. I know that you can plead not guilty before trial, and trial can determine your fait, and the United States law allows you to do it. The government thinks Page is a flight risk. If Page was a flight risk, she could’ve been gone after the supposed hack, unless she never had that chance. This is going to get interesting as time progresses. Lets just see what happens, but I’ve been thinking about this a little more. Thoughts?
Comments (0)
Why Social Media is Increasingly Abused for Phishing Attacks
I recently read an article called Why Social Media is Increasingly Abused for Phishing Attacks and I found it interesting. Problem is that its true. While different people have found me on twitter and wanted to start relationships, I’ve been caucious because all of this is text. Several wanted to move to hangouts which is fine, and they ask personal questions. One of these people even went so far as to ask me to open a bank account here so money can be transfered and they can have access because they were in the millitary and they weren’t supposed to be even talking to people around the country. They never called me, and I told them this was not going to happen. Another person started a relationship with me same deal, but when i mentioned that this was only a text message conversation and I don’t do text conversations for relationships.
This type of thing happens all the time, and you need to be on guard. Whether you use hangouts, twitter, facebook, linked in, or any other social media, you need to be careful. You never know what is going to happen. People can ask for relationships and they could be not who they say they are.
The article itself was worth the read, and I encourage everyone to read it. Its definitely an eye opener since all of these platforms are a form of social media in some form or another.
Here is a little more on the social media aspect in regards to the phishing and social media aspect.
for malicious purposes. In the case of social media, there are numerous forms of phishing that occur:
list of 7 items
• Impersonation
• Credential theft
• Propagating attacks
• Data dumps
• Romance scams
• 419 Scams (Nigerian prince)
• Intelligence gathering (for account takeover and spearphishing)
There’s more, I’d suggest you give it a read. I’ll be talking about this article in detail on a future podcast.
Thanks for reading!
Comments (0)
Romanian Cybercriminals Sentenced for Phishing Campaign
I must have missed this, or read it and forgot about it. The article is: Romanian Cybercriminals Sentenced for Phishing Campaign and its another one of these good news stories I just love to share. Crime does not pay.
Comments (0)
Tech podcast 321
The RSS feed has this podcast I just uploaded Completed on the 2nd, i’m posting it late. Its all good.
Welcome to podcast 321 of the technology blog and podcast. In no way am I complaining at all, but I really think that braille transcription software, no matter what you use, should be a tool. When I started lesson 15, discussed in full in the first segment, I found that I seemed very confused. Its not graded yet, and I’m sure I have a few things to correct before my first submission, but I’m confident I’ll understand it. This article entitled Transcription software can’t do it all: Even Braille 2000 doesn’t have every possibility is a written aspect, but the first 30 minute segment goes in to an audio detail of the lesson and my confusions. Next, a very interesting ted talk dealing with storing data and DNA. I mention telephone systems including Live Wire, MyTelespace, and Philmore Productions Voice mail as examples of systems that could utalize this if it were to ever happen and how Philmore Productions could do things better and how Live Wire hasn’t lost any data because of a different backup routine. No trashing is going on here, but the talk and the recent Philmore Productions news about their data made me think about this a little more. Next, Armando is along with a very interesting talk about the Iphone and how we can utalize it without a home button. I relate an experience with a supervisor of a company when I showed him how Voice Over worked, and he didn’t have a home button. Contact info on both sides of the program is given. Thanks for listening!
Comments (0)
Philmore up … Philmore down … are you done with the game?
So its been awhile, and boy, it seems like Philmore can’t be stabilized. Going back on their word on refunds, they talk about the standard business practice of customers requesting refunds for all the downtime. While I can agree with this practice, the company made it very clear that they would do this once the system came up. They have not.
To add insult to injury, let me ask you a question. Would you use something that is not compatible with your system, or would you make sure that it is compatible? I think we have this type of problem now with Philmore productions, and it can’t be good. Turns out, that we still have a computer which continues to reboot randomly, and the cause is the dialogic card, one in which may not be compatible with the software or version of the operating system. I’m being caucious, because I do not know exactly what is going on, but we can confirm that it is not compatible.
What I’ve noticed with this company is something that I’ve seen too much with them. The programming and development of the system is comparible to others I’ve been on, but the transparency or lack thereof, has not been the greatest. Promises and no action, or promises and excuses on why it can’t be delivered.
Long time customers are choosing that this is enough, on their own. While I’ve written blogs, talked about the situations via podcasts in audio, or even in conferences or one on one, the fact is that customers are seeing what this company is really like. This can’t be a good thing for them, and we don’t know or can’t predict whats going to happen. Companies come and go all the time, whether its customer problems, or money or other issues. I’ve been predicting Philmore to be gone for several years now, and maybe this will put the nail in the coffin. I’m not sure, but its all in writing.
One of their customers posted on their bulletin board system talking about all of the past, and how they were tired of it. It was a very lengthy message which we aren’t able to get a copy of, but from what I hear, it was well thought out. The company did confirm that the data was corrupted and couldn’t be salvageable and the tech blog and podcast as well as others close to the network said the same thing.
How much worse can it get for this company? I’m not sure, but only time will tell what will really happen. Comment if you wish.
Comments (0)
‘Satori’ IoT Botnet Operator Pleads Guilty
Here’s an article I read entitled ‘Satori’ IoT Botnet Operator Pleads Guilty and it is complex. Why do I only see these types of things posted on Krebs on Security? Sure, Cyberscoop covers a few of these, but I think stories like this should be made more public which is why I post these. This is a very complex story, and I’m not about to try and dysect this story in to thoughts for you in a blog post. I will tell you that its worth the read, and feel free to comment.
Comments (0)
Have you ever been in a phishing simulation?
I’ve got a question for everyone on this blog. Have you ever been on a phishing simulation where something is sent to you and you’re to determine if it is real or fake? I’ve not, and I’m wondering how we can do that as consumers. Phishlabs has a blog out entitled Phishing Simulations: Should they Reflect Real-World Attacks? This is a real question that I’d love to participate in. I see different types of things I know I’m not to open, but there are times I’m sure I’ve been duped. We all have. Take a look, look at the TTP’s and lets learn together how we can protect ourselves.
Comments (0)
Philmore up, is this the beginning of the end?
“Welcome to Philmore Productions, may I take your bug report?”
“Yes, I have a huge bug report, Phil. Your voice mail seems to be completely broken. I can’t send any messages out, so having you tell me to leave a voice mail in your box is going to be pointless.”
Yes folks, this is now what Philmore Productions Voicemail is like now, according to reports. It just came up in the afternoon of August 28, 2019. During my podcast break during my moving process, I’ve written several articles in regards to Philmore’s potential. It seems like now that the system, in parts, is completely broken.
Hey Phil, did you end up copying the data like you said you did? If you did, did you find out if it was corrupted? How is the corrupted data treating you?
I called it a long time ago that copying corrupted data is going to cause you a lot of problems. I even told AT&T when I ordered my service for this location, the short version of what has gone on through the years in this company. The girl I talked to said that it wasn’t good. Now, what do you plan to do? The voice mail lines that were forwarding are now back up and operating, although you were apparently supposed to have access to be able to do that when you were upgraded. Is that broken too, or are you too stupid and don’t know how anything works and you have to have companies tell you everything?
When I got in to the web hosting business, I made it a point to learn everything I can about the features I use, and where stuff is in my control panel. While I may not know a lot of stuff, and/or things move around, I’ll go look and try to figure it out before I try to bug my provider. If there is a pannel you can access, look at it, save the company some time. The fact your shit is broken isn’t doing you any good right now, and now will be the time for you to respond to this type of bug report which will certainly happen.
How many times have you said that your system is going to be up better than ever during the reports you provided your customers? I believe that your voices need to speak even louder, folks. If this is a tell tale sign that this isn’t what you expected, maybe you need to decide what is best. This can’t be good. I’m not telling people to leave, but while I’m writing this article, the voice mail bug that was mentioned in the first section of this article is fixed. I’m sure that the rest of the issues will be fixed over time, and the time is now! You said it was going to be better, but in my opinion, its now more crap.
You all will figure it out, and make your own decision. Make it the right one.
Comments (0)
Capital One update
There are two articles I’ve recently read within the past week in regards to the Capital One breach. Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson written on the 16th, and <a href=”Alleged Capital One hacker may have taken data from dozens of companies, feds say which was written on the 14th. Yes, I’m behind, but these are significant, because we know that this was an inside job the purpetrator had, yes they got caught, and they showed no remorse. I’ve not talked about this on the podcast nor did I blog about it because I was waiting to see if we were going to be notified. Looks like we aren’t, but this won’t be the last time this will happen. Capital One did the best they could, under the circumstances. This is unfortunate, but I’m hopeful the investigation will be continuing because we need to know for sure if other companies are part of the hack job that was supposedly done. Thoughts?
Comments (0)
We’re on feedburner
Hi.
This is crashmaster creator of the blindvms podcast.
We are on feedburner.
My podcast address is http://feeds.feedburner.com/blindvms
This cast is on feedburner at
http://feeds.feedburner.com/tech-jrn
There have been some articles from 2014 saying feed burner is shutting down, its a google service so I thought, why not.
Its another way.
Note, I am not intergrating any of this with the site, or anything, but this is another way because its free, and I was making a feed for myself anyway and I thought, oh well may as well for no reason what so ever except I can.
Goes to the rss, adds a few more subscription options and avenues, I mean its not like there are loads allready but just because it exists I put it up.
Articles say that its shutting down, and maybe it is, but its not yet.
A lot of stuff still is on it and its part of google so whatever.
All other feeds work.
Oh, to jared, I just put the feed up, its in my google but your address and name is on it since I previde only the feed linking, not the content.
I don’t care if these feeds actually get subscribers it was just put them up there because I can for no reason but I can.
Comments (0)
navigation menu
- Archives
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- Categories of this blog
- Subscribe to Blog via Email
- The tech blog’s pages
- Blogroll