go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu



NCSAM: Have you read Kevin Mitnick’s books?

I’ve read Kevin Mitnick’s books, three out of the 4 are on BARD. Nice to see him writing again!

Recently I got really board and wanted to see what Kevin Mitnick was up to. I then Started this book entitled The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data and I read the first chapter as a free sample. This book is not available on BARD, however, it is available on Bookshare. I decided to buy the book here at Amazon, and when I did, it updated itself with some 2019 notes in regards to the various breaches that have been notable since the beginning of the year.

About the Book

Kevin Mitnick, the world’s most famous hacker, teaches you easy cloaking and countermeasures for citizens and consumers in the age of Big Brother and Big
Data.

Like it or not, your every move is being watched and analyzed. Consumers’ identities are being stolen, and a person’s every step is being tracked and stored.
What once might have been dismissed as paranoia is now a hard truth, and privacy is a luxury few can afford or understand.

In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge – and he teaches you “the art of invisibility”.
Mitnick is the world’s most famous – and formerly the most wanted – computer hacker. He has hacked in to some of the country’s most powerful and seemingly
impenetrable agencies and companies, and at one point he was on a three-year run from the FBI. Now, though, Mitnick is reformed and is widely regarded
as the expert on the subject of computer security. He knows exactly how vulnerabilities can be exploited and just what to do to prevent that from happening.

In The Art of Invisibility Mitnick provides both online and real-life tactics and inexpensive methods to protect you and your family, in easy step-by-step
instructions. He even talks about more advanced “elite” techniques, which, if used properly, can maximize your privacy. Invisibility isn’t just for superheroes
– privacy is a power you deserve and need in this modern age.

If you’ve never read anything by this hacker turned security professional, then I highly recommend that you start with Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker which is on BARD and is also available on Bookshare. I actually started this book through Learning Ally, formerly Recording for the Blind and Dyslexic.

Abpout the book

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies-and however
fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through
cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence
game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems,
and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat-and-mouse game that led through
false identities, a host of cities, plenty of close shaves, and to an ultimate showdown with the feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape and a portrait of a visionary whose creativity, skills, and
persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies
protect their most sensitive information.

I thoroughly enjoyed this book, and thought I would see if there was anything else. The first book in this article I’m writing now, was not known to me, although it may have been recommended to me through my reading of Scotts book Cybersecurity Is Everybody’s Business: Solve the Security Puzzle for Your Small Business and Home Kindle Edition which I only found here and on Amazon. BARD does not have any of Scott’s books, and with the advancement of hacking, the blind and disabled reader must learn how to protect themselves. These books are not difficult, technical, and with Scotts book, was very short chapters.

In my recommendations after downloading Scotts book, I found something that really caught my eye and I’m also reading as well. How I can read two books at the same time, I don’t know. The book is by Paul R. Wilson. The Art of the Con: How to Think Like a Real Hustler and Avoid Being Scammed 1st Edition, Kindle Edition is the name of the book. This guy, in short chapters, talks about cons and scams that have gone on for many years. Some of these are still successful today!

About the Book

A sucker is still born every minute. In this modern and interconnected world, con-men are lurking everywhere – it’s never been easier for them to dupe
us, take from us, and infiltrate our lives.  

One of the world’s leading and celebrated experts on con-games takes the reader through the history of cons, how they’ve been updated to the modern age,
how they work, how to spot them, and how to protect yourself from being the victim of one.

R. Paul Wilson is a con-man who works for the other side – our side. He has spent a lifetime learning, performing, studying, and teaching about the ins
and outs of the con world in order to open up our eyes to the dangers lurking about us – and to show us how not to get taken. Paul has never made a living
as a con-man, profiting off of marks – he has used his expertise throughout his life to help people avoid cons.

In this fascinating book, Paul takes the reader through the history and developments of the con game, what elements from the past are based on basic human
psychology and have stood the test of time, what has been updated for the modern era and how it’s getting used in the computer age, the structure of how
these cons work, and – most importantly – how to recognize one, protect yourself and your loved ones, and avoid becoming just another sucker.

I’m not sure if this book is available on BARD or Bookshare, but you can look.

About BARD and Bookshare

BARD is the Braille and Audio Reading Download service by the National Library Service in the United States. This service is available to international patrons, but only if they initially live in the United States and are traveling internationally for some reason.

Bookshare is a paid service, although with the NLS partnership, they’re offering free accounts for those of us who have NLS memberships. You can get books in multiple formats including daisy, aduio mp3 (TTS) and braille files.

In this NCSAM month, I’m hoping that these books are a symbol of something that people should read, and get interested in. As I’ve discussed, we can’t do it alone, and the email scams and cons will only trick you if you don’t know what to look for.

Other Books you can find on Bard

I’ve read all of these books, and forgot about the other two. The following are books that BARD has on Kevin Mitnick, that are authored by him. There is one about Kevin’s takedown written by another author, but I’m not going to put that book here.

Note, that for this blog, I’m putting the DB number for reference and nothing else.

  • Ghost in the wires: my adventures as the world’s most wanted hacker DB74947
  • The art of deception: controlling the human element of security DB56450
  • The art of intrusion: the real stories behind the exploits of hackers, intruders, & deceivers DB60593

Have you read the linked books? What about the others not linked but are listed? What have you thought? Please discuss it in the comments! I look forward in reading what you’ve got to say.

Comments (0)

NCSAM: scam or not? You Decide

NCSAM: looks like a scam or Phish, can you tell?

Hello folks,

In the following exercise, I’m going to give you the beginning of two forms. One of which came through the IP Unblock form for my customers, and the other that came from MENVI. In both instances, they filled out the bug reporting yes, and the comments section.

Out of curious instincts, I went to the link separately and there is a picture, I didn’t go any further to identify it or anything.

Can you tell if this is a scam?

Below is the result of your feedback form. It was submitted by
(
lisadontate@gmail.com)
on Saturday, October 19, 2019 at 17:15:48
—————————————————————————
Name: Hellen[BqdeqwhVinejonuQ,2,5]
phone: 82919675993
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello, I apologize for this letter, but I have no other choice!

This is a 4-year-old girl Lisa Filameshina!
https://sun9-7.userapi.com/c848620/v848620572/b2c87/xpLF8Ynpc_0.jpg

Lisa has retinoblastoma (retinal cancer). Her eye needs urgent treatment! In the Swiss clinic «Hospital Ophtalmique Jules-Gonin» (Lausanne) they guarantee
the preservation of the organ so important for the future life of the child.

It is necessary to collect $9000 before October 31.

We will be grateful for any amount of money!

I beg you help!

That is wallet address for payment bitcoin :157CfZ3qhHpRWKbzqoroUAxTMgDhhmPfPt

I give the payment details in bitcoins, since another transfer is problematic in our country.

Sorry again.

The next one was sent overnight.

Below is the result of your feedback form. It was submitted by
(
lisadontate@gmail.com)
on Sunday, October 20, 2019 at 03:32:03
—————————————————————————
name: HellenInjex
City_State_Province: Avarua
country: Cook Islands
Phone: 81797884724
contactmethod: Please use both E-mail and telephone to contact me
contact: Please have Jared Rimer: (MENVI webmaster) to contact me
reporting_bug: No, I’m not reporting a bug with the web site at this time
reporting_bug_Yes: Hello, I apologize for this letter, but I have no other choice!

This is a 4-year-old girl Lisa Filameshina!
https://sun9-7.userapi.com/c848620/v848620572/b2c87/xpLF8Ynpc_0.jpg

Lisa has retinoblastoma (retinal cancer). Her eye needs urgent treatment! In the Swiss clinic «Hospital Ophtalmique Jules-Gonin» (Lausanne) they guarantee
the preservation of the organ so important for the future life of the child.

It is necessary to collect $9000 before October 31.

We will be grateful for any amount of money!

I beg you help!

That is wallet address for payment bitcoin :157CfZ3qhHpRWKbzqoroUAxTMgDhhmPfPt

I give the payment details in bitcoins, since another transfer is problematic in our country.

Sorry again.

Both messages look exactly the same. Both are pleading for money, and I believe there are two different bitcoin wallet addresses.

REMOTE_ADDR: 92.63.100.62 is on MENVI’s and REMOTE_ADDR: 188.120.249.122 is on the IP unblock request form.

My hunch is that this is part of the Nigerian 419 scam, begging for money but with a different purpose. The purpose is to help a little girl but now I got curious. As I write this, I ran Jaws picture smart on the photo on the URL. It says:

Caption is a little boy wearing a hat.

I’m unaware of NVDA having a picture smart option, but Jaws now tells me through this technology that it is a boy, not a girl. Very clever they are. The fact they say they want money by a certain time frame before its too late is also a telltale sign of a problem.

This network has a donations page found both on the blog pages and our main web site. In no way are we begging for money on any page, and in no way are we saying to donate by a certain time point.

While we would like people to donate to the network to offset costs of running it, and to help offset the independent artist project of playing independent music from around the world, there is no urgency. I have mentioned it on my shows, and on my show notes, but I don’t make it a habit either. Its just the way it is, and the way it must be so that we do not get flagged as a potential target.

This network also does not solicit any type of donations by email like this even though we’d love to get some money as described above.

I believe the goal of the email is entitled Phishing but it is targeted phishing for money. Its a bate to part with your money, the term of which you could look up and correct me if I’m wrong.

I don’t claim to know the exact terms correctly, because I get confused of what they are, but I know two things.

  • I do not have a bit coin wallet.
  • I do not know how to buy bitcoin, and if I did, I’d be using the money for my own purposes, I.E. buying things, or sending it to paypal for spending later.

I think we can utalize this as a point of learning to show people what types of things are being sent today.

Have you seen these and determined that it was no good? If you’ve been bitten, what did you think of this one that could have made you pause to think … “This can’t be right.”

Lets discuss this!

Comments (0)

NCSAM: Do you think Android is as secure as they claim? This Android app says not so much!

Today is October 18, 2019. I admire Android for making great strides in securing their operating system. On this day, I read an article that really made me think. Even while I napped this afternoon, I was wondering how I could cover this news about the app entitled Yellow Camera.

According to Trend Micro’s Intellegance Security Blog, this app isn’t a photo editing app at all.
Here are some details from Trend Micro’s analysis of this.

• [MCC+MNC].log, which contains the WAP billing site address and JS payloads, is downloaded from hxxp://new-bucket-3ee91e7f[-]yellowcamera[.]s3[-]ap[-]southeast[-]1[.]amazonaws[.]com.
MCC is the SIM provider’s mobile country code; MNC is the mobile network code.
• The WAP billing site runs in the background; the site accessed/displayed is telco-specific, based on the [MCC+MNC].log.
• The JS payloads auto-clicks Type Allocation Code (TAC) requests — codes used to uniquely identify wireless devices.

This article links to other articles and information that Trend Micro has found and published blog posts on, and luckily, this app hasn’t hit the United States yet from what I’ve tread.

What can you do?

  • Only get apps you’re searching for
  • Down the app from the official store, and read carefully on what you’re getting so you understand what permissions it wants
  • Don’t get anything from unofficial channels or linked you’re not expecting

I know looking may be of interest, but like I’ve said, it may be time to knock that off. It may be time to just say “I didn’t ask for it, I’m not looking, and I’m not wanting to get bitten.”

This is going to get rather interesting.

Have you seen this app, and what did you do when you saw it?

Comments (0)

Credit Card shops, good or bad?

In an earlier ppost, we talked a little about a service called Brian’s shop. According to this article I’m going to link to, this shop was taken down, and in this case, I feel it is a great win! Its one more store that can’t sell our data to anyone. It was taken out of business, and I feel thats a good thing. The person behind it claims that the credit cards were removed from the store upon the hack, but it was later confirmed that they still had them for sale.

Getting an arrest out of this, even though the carder had been hacked is only the first step. We know that this will continue to occur, and we know that new card shops will be at play.

This is a win for the short term, but i’m sure that someone will have even more to sell soon.

When Card Shops Play Dirty, Consumers Win

However, as I noted in Tuesday’s story, multiple sources confirmed they were able to find plenty of card data included in the leaked database that was
still being offered for sale at BriansClub.

Perhaps inevitably, the admin of BriansClub took to the cybercrime forums this week to
defend his business and reputation,
re-stating his claim that all cards included in the leaked dump had been cleared from store shelves.

Thats just what I wanted to post as part of the article and there is a link there. Link to all of the links in this story, and learn what happened through the reporting of all of this stuff.

Comments (0)

site optimisation

Hi.
Well before I plunge into the load of comments, I have started extra site optimisation.
Once a year or maybe twice, or every so often, I will be sweeping the site of all unused things like spam, database comments, etc.
This is to reduce clutter and increase performance.
A note to users on the site.
For those like me that use wordpress as a direct login to the site 2step authentication is enabled on this site and on the wordpress system.
If you login via normal userid and password method you will still be able to get in.
But if you use wordpress to login, you will need to setup 2step.
Please backup the 10 backup codes you are given incase something happens.
If you end up using all or half or well whatever, just remember to regenerate your code list and keep it on a cloud storage device.
Another note, for admins, Site info is placed with the wordpress version, php, sql, etc.
Also note, that while it gripes on, healthcheck seems to want us to have php 7.3 and according to performance tips you don’t need this.
As well as this, jetpack now handles image and page caches via wordpress cloud services.
I have noticed immediate speeding up of the system.
Later on, I may concidder extra services like cloudflare and maxcdn but as I need to get more iinvolved lets try the easy solutions.
Oh, also, jetpack should in theory update plugins when they update, so no more me having to login all the time and update plugins.

Comments (0)

Tech podcast 326: Dice World, NCSAM, braille transcription, and more

The RSS feed found here found here and the telephone line Live Wire on my show and bulletine board 974 now have my latest podcast. The show is up now, but the board will pull it within the next 24 hours.

The show notes are sweet and to the point I think, I am also working on shortening the intro too. Lets see how it goes.


On this podcast, Jaws and firefox’s latest version. NCSAM should be all the time, yes or no? We’ve got a braille transcription update, and Dice World has a new layout.

Comments (0)

Brians club gets hacked, Uses Brian Krebs and his name

Brian Krebs talks about a carding shop entitled Brians Shop. The people behind this shop pedle Brian’s name and his web site Krebs on Security with a copyright notice. I don’t believe I’ve ever heard of this before, but yet, this just seems wrong. “BriansClub” Hack Rescues 26M Stolen Cards is the article.

Between 2015 and 2019 according to the article, this web site sold 9.1 million credit cards earning the site 126 million bucks. This was all stolen credit card data.

If I were to do this, and do it successfully, I would not use likenesses of a company, I’d use my own company. I’m surprised that Brian Krebs didn’t go after these guys for copyright or something, since his blog, and anything written is copyrighted by the site. Flashpoint helped with analysis of the data, and there’s definitely more to this story. I’m sure that this will get interesting as time passes.

Comments (0)

Grease the Skids: Improve Training Successes by Optimizing the Environment

The next article in the phishlabs training is Grease the Skids: Improve Training Successes by Optimizing the Environment and I’ve been thinking about how to write this one up. Training alone is not enough, says Phishlabs. I know that I can talk about my thoughts on subjects, but over all, the user must put what I’ve learned in to practice in their daily life. I can teach a subject, but that doesn’t mean the student is going to get it.

I don’t think some of the things like changing passwords every month is a good idea, but if the organization you work for requires that, the blog post says that the company should force that, and get people to make their passwords valuable but yet not easy to guess.

I’d like for you guys to take a look at this article, and see how you can implement the ideas in it on your own. Lets discuss!

Comments (2)

NCSAM: Security features you should be using in password managers

While the article is actually entitled LastPass Security Features You Should Be Using I’ve been thinking of this more in regards to passwords in general. If you don;’t use passwords in a password manager, that is a choice that you make based on your own needs. I’m not going to change your mind. If you do use passwords in a password manager, have you explored its options to see what else you can store? I’ve not really understood Lastpass that well, especially when it comes to storing documents like birth certificates, passports, and the like, but i have stored notes such as product ID’s of products, and other notations including passwords for one of my network’s list management and other things.

I’m sure we can all learn about what our password manager of choice can hold, and we should continue to enquire in to what types of things it can do.

I would take the items within the last pass article, and see if your manager has similar features. Good luck!

Comments (0)

Capital One hacker … innocent or guilty? You decide!

According to the latest from CyberScoop, they are talking about the suspect Page Thompson may have had 20 to 30 TB of data from various companies. They also indicate that she is a flight risk. But what we didn’t find out, and I am not going to say one way or the other, but Page may have been male, now becoming female according to the article. Whether you’re male or female, it honestly doesn’t matter because there is a lot of data that the government is going through that you allegedly had on you. I think the judge is trying to treat Page as fairly as possible whether they are male or female. If the judge thinks she/he is a flight risk, and they think she/he is going to do something, than that should be taken in to account. If I rember correctly, this suspect pleaded not guilty correct? There are a bunch of links within this article including the not guilty plea which I was correct on. Read the article update from cyberscoop: Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say and make your own opinions on this one.

Comments (0)

Apple Releases iOS 13.1.3, iPadOS 13.1.3, and macOS Catalina Supplemental Update

This is the article title from apple vis. They cover whats new in these releases and you may want to take the time to update if you have had the issues mentioned in the article. go on over to apple vis to read more. Thanks for listening and reading.

Comments (0)

NCSAM: email delivery: check the sender of email

I may be a little bit behind, so excuse me. Today, I read a blog post as part of the NCSAM series that I think is appropriate. It talks about checking the senders email address as part of the verification process. This is especially true, as now a days, the sender can claim to be someone you know.

I have first hand experience with this. I know someone who will remain nameless for this blog post. I also have their email address. I got an email recently that had their full name. In the body, was a link.

When they originally sent links to me, they included a note such as “here you go” or something to indicate what I was getting as well as a subject line.

In the email preporting to be them, I forget what the subject line was if it had one, but the body had a link such as hxxp://aerifog.com (don’t go there) instead of something that i was expecting.

I think out of curiosity, I went to see what it was, as I felt it wasn’t melicious, but once I saw where I was headed, I backed out.

Today, I think its time to stop doing that. If I’m not expected to go somewhere based on an email I’m expecting, then I’m not going there. I’ve sometimes gotten curious, but I think it is becoming too much of a problem to do that now.

I’m not going to say that I won’t occasionally look, but I think eventually I’m going to get caught.

With shorteners like cutt.us you can add a character to see stats and see exactly where you’re going. I’ve done this when I’m curious and I know they’re available to check that.

Another thing this article mentions is to check the way the person writes.

  • Do they have a default signature?
  • Do they greet you by name?
  • If not by name, by company name?
  • Does the company send you promos and things like Amazon?
  • When you coorespond, does the company have a signature with phone number, address, hours of operation, or something that you spot in every communication?

These are some ideas I can think of and questions to ponder when you get email.

When I send email from my tech at menvi address, I have a signature, my name and technology blog and podcast is in the name, and if I send you something, I include a link directly to where you’re going. I also in the signature have a signature with my blog address and main web page.

If you communicate with me using other addresses, you’ll see various signatures except gmail where I just sign.

I suggest you take a look at this Phishlabs blog post entitled Beware of Account Takeover which may have other tips that I haven’t covered that may be of value to you as we learn how to stay safe in the ever changing landscape we call the Internet.

Please share what thoughts you might have when it comes to how you, the individual, or you as a company, tell customers how to stay safe when it comes to email delivery. Lets talk!

Comments (0)

HP launches Spectre x360 13 pre-installed with ExpressVPN

Just like an antivirus/anti-malware solution, having a VPN installed on your PC is very important. Are you ever concerned about the privacy of your online activity? Or worried about advertising trackers? Or maybe you are trying to access content that is prohibited by your government or Internet Service Provider (ISP)? Do you ever want to watch certain movies on Netflix only to find that they are not available in your country? A VPN will help you solve all the above problems. What’s more, a VPN is affordable and easy to use, especially in the case of the recent HP and ExpressVPN partnership where the VPN comes pre-installed on the latest HP performance laptop.

 

The HP and ExpressVPN partnership

Consumer VPN expert ExpressVPN recently announced its partnership with the giant tech company HP Inc. As part of the agreement, a selected number of PC’s will come pre-installed with ExpressVPN’s Windows app to help protect users’ privacy and security online. 

HP’s recently unveiled Spectre x360 13 laptop model will be the first one to enjoy this arrangement that includes a 30-day trial period to see if the VPN is a good fit for them. The product will, however, get incorporated on more HP models in the coming months.  After the trial period has elapsed, users will get an opportunity to either buy a longer plan or opt-out of the subscription. 

 

About ExpressVPN

ExpressVPN is the market leader in consumer VPNs. Its popularity stems from its speed, security, reliability, and ease-of-use. ExpressVPN helps users to secure their data traffic and guard their online presence against prying eyes. This VPN gives users peace of mind when they connect to untrusted or unsecured networks, such as public Wi-Fis at the coffee shops, hotels, and airports. You will be able to encrypt your network data and secure your internet browsing experience with one simple click!

 

ExpressVPN TrustedServer Technology

ExpressVPN’s TrustedServer technology presents a major surge in protecting consumer privacy and security by addressing key risks common with how VPN servers are conventionally run. 

Traditionally, server owners install the software and operating system during the initial set up of the server and then add amendments over time. Take note that every change made gives rise to the possible changes among servers, decreasing the trust that each one of them is using the same exact code. 

ExpressVPN’s TrustedServer technology ensures each of its 3,000+ VPN servers uses the most recent software. Every time the server reboots, it loads the most up-to-date read-only picture containing the whole software stack, OS, and others. This is to say that ExpressVPN is aware of everything that is running on all their servers, which minimizes the possibility of exposure or misconfiguration and greatly enhance VPN security.

 

HP Spectre x360 13 Features

HP’s newest Spectre x360 13 laptop model combines the cultivation of impressive design and mobility, with heightened security and performance features that allow users to enjoy their passions without limitations.

With 6 out of 10 PC users concerned about their privacy being compromised, the new Spectre model features a dedicated mute mic key, HP Webcam Kill Switch, and an extra HP Sure View display. It also features twice the performance of its predecessors with an extended battery life of up to 22 hours, enough to take you through the day. 

 

About HP

HP is a global IT corporation specializing in the sale of software, hardware, and other similar services. The company was founded in 1939 by engineers David Packard and William R. Hewlett. HP’s product line includes PCs and other computing devices, software, storage tools, scanners, printers, plotters, and enterprise and industry-standard servers among other imaging devices. In 2014, HP decided to split the company into two– HP, Inc. and Hewlett-Packard Enterprise.

People who use PC’s/laptops are mostly on the go, and this often results in the use of unsecured Wi-Fi networks. With a speedy and trustworthy VPN like ExpressVPN, users of the new Spectre x360 13 will walk with their head high knowing that their privacy and security remain unaffected regardless of whichever Wi-Fi network they are on. 

Comments (0)

Will Apple get hacked more in the future? Business insider says yes

With apples IOS 13, and very successful hacks in to the IOS platform, we’re starting to see Apple being targeted. According to this article from Business Insider entitled A cybersecurity expert explains why we’re likely to see more Apple hacks in the future we’re going to see more hacks toward IOS and Mac devices. Windows is also covered, and rightly so.

While my phone is older, and I’ll be looking to replace it soon, making sure our software is as up to date as possible is now more crucial. This is going to get interesting as we continue to see these types of issues including data breaches in general.

The fact that the article talks about whats app as an entry point, whats app developers need to fix that hole too. Its not all the operating systems fault, whether its windows, mac, ios, android, lynux, or any other operating system out there.

NCSAM

Comments (0)

British Airways data breach: class action lawsuit approved – IT Governance Blog

Here is British Airways news. I think I covered this back when it broke, so I found something and thought I’d post this update here to the blog.

We need to remember things are changing, and this is only the beginning of the problems if we can’t figure out how to protect ourselves the best we can.

A portion of the article and the link follow.

The High Court has granted a group litigation order, effectively giving the go-ahead to mass legal action from 500,000 victims of the 2018 BA data breach.

Source: British Airways data breach: class action lawsuit approved – IT Governance Blog

Comments (0)

Presidential campaigners are not secure … this can’t be good

According to an article I’ve thought about and saw today, 16 out of 23 potential candidates are not security concious and have some things to fix before next year and running for president.

I’m not going to rehash the articles I wrote on Donald Trump, you can go to my article listings page AND SEARCH them out on your own under the vocal heading. If this is in any indication, we’re going to have another long 4 years if someone new wins and their cybersecurity is not to par.

Article: U.S. Presidential Campaigns Struggle With Cybersecurity

Comments (0)

Alabama got hit with Ransomware, pays ransome

Hello all,

Well, the news this week deals with Alabama getting hit with Ransomware. According to this article entitled Ransomware attacks are insidious. Experts urged healthcare CIOs to invest in proactive security measures to combat the growing threat. Alabama was the target. Unfortunately, Ransomware is not going to be going away, and thats because its a great moneymaker.

I wonder how this type of thing is created to begin with? I’m not saying that I’d send it out and demand money, since my goal of the blog and podcast is to alert you all on whats out there so we can protect myself. We all need money, but we need to do it the right way.

For example, on one of the pages on the blog is a donations button I believe. But if not, thats OK. Money isn’t the object of this podcast, but if you’re interested in donation options, get in touch.

I’m confident when I reminisce about the story one of my buddies told me about one of our own in the blindness field getting targeted with Ransomware. Remember this article entitled ATPC Hit with Ransomware, Does Not Pay where I talked about a textbook case of doing it correctly? We should bring it out and show companies that a company serving the blind community did it correctly, and we should all learn.

Getting back to the article at hand, Security Now covered quite a bit of ransomware this week in their episode for this week. If that show goes in to ransomware mode, whereby they’re covering nothing but ransomware in the news, its going to be the whole entire show. This can’t be a good sign.

Here are the notations from that episode.

  • Ransomware hits schools, hospitals, and hearing aid manufacturers
  • Sodinokibi: the latest advances in Ransomware-as-a-Service
  • Win7 Extended Security Updates are extended
  • A new Nasty 0-Day RCE in vBulletin
  • There’s a new WannaCry in town

As you can see, there are lots of things going on here, and its not going to go away any time soon. The fact that the main topic of this blog is ta;lking about the Alabama case, there is a lot more happening that we should be learning about too, and thats why I find the story of value. This is going to get very interesting.

Comments (0)

Trend Micro’s next webinar

The title of the next webinar is going to be “What’s Up with Web Threats?” It’ll be held on October 29th at 1 ET 10 PT and I am going to try and make it. If not, a recording will be provided afterword.

Today’s threats are now hitting us hard. Web threats, email threats, telephone calls, and more. Please sign up and learn how you can protect yourself and teach others what they can do afterword. We can do this together.

With the popularity of the web, and everything that is connected to it, there is no surprise it is the second most detected threat within our customer
accounts.

In this month’s threat webinar, I will review the numerous types of web-based threats affecting your employees, such as embedded URLs within emails, malvertisements,
drive-by downloads, and command and control (C&C) servers.

As well, I will be reviewing some best practices you can use to better protect your organization, employees, and web servers from these attacks. Because
when you can prepare for, withstand, and rapidly recover from threats, you’re free to go further and do more.

That’s The Art of Cybersecurity.

I’ll see you there!

Comments (0)

Its time for another patch Tuesday: time to reboot and update your systems

Its time for another patch Tuesday, and Krebs On Security and Trend Micro are offering the articles in regards to whats out there. I’ve already taken the computer offline and did the reboot necessary. The computer seemed to be a little slow anyway, so the reboot helped clear that up.

Below, please find the articles from my sources. Stay safe!

Please feel free to check these articles out for more information. Trend Micro is the longer of the two, where they detail whats patched, while Krebs is good in its own right, some detail, but enough to cover everything since Adobe is covered in that post as well. Both are good for their own right, and I want people to choose what article they want to take from. Thanks so much for reading, and make it a great day!

Comments (0)

Magecart is at it again, this thing doesn’t die

According to FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops from the TREND MICRO intelligence blog, this thing isn’t going away any time soon. According to the beginning of the article, another 3126 sites are effected, and this is now on the web, not just your brick and morter shop now. Once this thing is installed, it scrapes credit card data through scripts through the SSL connection and out to the bad guys. There are links to various items on this article, so paraphraising is going to be difficult. I’m passing this along so that we all can be aware, and do the best we can to protect our cards from this attack.

The bad thing is that the site may even look normal, and we may never know it. It seems thats the risk we take now. Let me know your thoughts on this one. It can’t be good.

Comments (0)

Older Posts »

go to sections menu


navigation menu

go to sections menu