go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu

sections menu

fine menu sezioni pagina

Security Now! podcast 836: The Meris Botnet

We are going to talk about this botnet thanks to this article by Krebs On Security called KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” but I did hear the end of this week’s Security Now which I intend to listen to and may have other thoughts put in to the notes for the podcast which I’m now working on.

The description of this program is taken from This GRC Security Now page which you can download the program from.

This week we’re going to note the apparent return of REvil–not nearly as dead and gone as many hoped. We’re going to look at a new and quite worrisome 0-day exploitation of an old Windows IE MHTML component. Even though IE is gone, it’s guts live on in Windows. We’re going to share the not surprising but still interesting results of security impact surveys taken of IT and home workers, after which we’ll examine a fully practical JavaScript based Spectre attack on Chrome. I have bit of closing the loop feedback to share and a surprisingly serious question about the true nature of reality for us to consider. Then we’ll finish out today’s podcast by looking at the evolution of Internet DoS attacks through the years which recently culminated in the largest ever seen, most problematic to block and contain RPS DDoS attack where RPS stands for Requests Per Second.

I urge people to download and listen to this show (57mb) as it may contain news that may be of importance for you. Most importantly, you should listen to the final segment, but I’m not going to hold your hand, so if this interests you, go for it. Enjoy!

Comments (0)

Its time to get your windows update on as well as other software as well

Windows and other related software need to be updated. Krebs On Security and Trend Micro have all of the details.

Trend Micro indicates that there are 66 patches throughout the Windows ecosystem which include 3 critical and 11 reported through the ZDI.

Besides IOS 14.8 released on Monday, Google Chrome also has an update which fixes 9 vulns with 2 actively exploited in the wild.

Please read the article in which you’re interested in, both have good information to provide.

Comments (0)

Apple’s California Event wrapup

This page is the writeup of yesterday’s event. I heard a portion of it through Twit yesterday, but I was getting tired when it replayed and they also had other shows.

The writeup is quite interesting, but like the author of the post, I’ve got my 11 which was baught last year, and I don’t know if we’re going to get new phones or not.

I don’t have a watch, but right now I’m passing on one. Never had an Ipad, as I use a Windows PC as well.

Let’s see what you decided on getting after you read this accompanying article on IOS and other apple things.

Comments (0)

The Security box, podcast 61: CSAM gets a pushback, news notes and other stuff too

The 125.21mb file is here. The RSS is here.

Here are the show notes.

Welcome to the Security Box, podcast 61. On this podcast, let’s discuss the updates on CSAM as it pertains to Apple. We’ll have news, notes and more.

Topics

News Notes

Comments (0)

There was an event today, which I did see an email about from apple but didn’t read it. We’ll see if a blog post comes up on it but here’s some news from AppleVis about this important update.

Ahead of tomorrow’s “California streaming” event, Apple has released iOS 14.8, iPadOS 14.8, macOS 11.6, and watchOS 7.6.2. The main changes in these releases are two security updates. Apple has also released a security update for macOS Catalina, however, this has just the one security fix.

Comments (0)

The Security box, podcast 60: The Security Landscape as a whole from broadcasting software and web site services to T-Mobile’s Fiasco

This is the link for the download to last week’s program. Its been a busy time here at the JRN, but I’ll be doing my best to try and do some serious blogging of things I’ve read and try to get back in to things. The file size is 124.5mb. I hope you’ll enjoy the program as much as I have bringing it to you.

What has changed on the security landscape? We learn about T-Mobile’s recent failure, and even web sites are braught up as well as broadcasting software among other things. This turned out to be a very interesting show. What do you think has changed? What have we done wrong? What do you think it’ll take to fix it if it can be fixed at all? No news notes this week, but they’ll be back next week.

Comments (0)

supporters webpage

Hi.
I have a supporters/ partners webpage.
It can be found here.
https://wp.me/P1ssMG-1v6
Currently I have the blind perspective and top tech tidbits magazine listed.
Sadly perspective hasn’t returned a request but tidbits has.
The site will be featured in the next issue as a 1 off and this site is classified as a supporter/ partner.
www.toptechtidbits.com/partners.html is the site for the profiles.

I will be working on more casts but these may take a bit.

Comments (0)

The Security box, podcast 59: Scott Schober, The Q2 Intelligence Report, News Notes and plenty of commentary

Hello folks,

Welcome to podcast 59 of the security box. It was recorded on September 2, 2021.

This is our longest podcast to date, but it is well worth the listen. I really liked the interview I did with Scott, but the podcast really took a turn after news notes.

The show notes with all of the links follow.

Hello folks, welcome to the Security box, podcast 59. On this edition of the program we have two different prerecorded segments for you.

First, we interview Scott Schober of Berkeley Varitronics Systems, Inc. He’s written various books which we talk about, as well as some of what is going on in the security landscape.

Next, we have a talk that was done by Phishlabs, who did the Quarter 2 Phishing Trends report.

To top it all off, we’ll have news and notes from around the landscape as well as questions and comments after each segment if any.

>

News Notes from around the web

Thanks for listening!

Don’t have RSS? No problem! Download our 245.1mb file which you can find by using this link. I hope you enjoy the program and thanks again for listening!

Comments (0)

This week in security news, news ending August 27, 2021

This is the link to the securithy news that ended last Friday, the 27th.

Looking at the headlines, there may be something you need to know, but I’ll let you peruse the headlines and then decide if something is of interest for you. Thanks Trend Micro.

  • Linux Threat Report H1′ 2021: Key Security Takeaways
  • Google Removes Fake Crypto-Mining Apps
  • Earth Baku Returns: Uncovering the Upgraded Toolset Behind the APT Group’s New Cyberespionage Campaign

    • Ransomware on a Rampage; a New Wake-Up Call

  • TippingPoint Threat Protection System Certified by NetSecOPEN
  • OnePercent Ransomware Group Hits Companies via IceID Banking Trojan
  • New Campaign Sees LokiBot Delivered Via Multiple Methods
  • Poly Network Recoups $610M Stolen from DeFi Platform
  • What the Norton-Avast Merger Means for Cybersecurity
  • White House Rolls Out Pipeline, Supply Chain Security Initiatives as Companies Pledge Billions in Cyber Spending

I read some, depending on the source. What did you find and was it of interest?

Comments (1)

Another crime gang is now calling victims if they don’t pay

FBI warns that Hive ransomware hackers are calling victims by phone is a very interesting article that we can’t pass up. As I get news notes together, I’ll do my best to find the ones I think should be blogged, so look out for some more blog posts.

According to the article, maze, conti and RYUK were three others that used this tactic if they didn’t get a ransom.

I know a lot of us don’t want to answer our phones, and I had that experience today. I was on a call so let the other one go by. When I checked voice mail, it said to press one to talk to a specialist for warranty coverage or 3 to cancel the coverage. What warranty and what coverage? I don’t have a car, I can’t drive. I wish I could, but it isn’t in my cards.

There’s plenty to read in this article, better on click through if this interests you.

Comments (0)

The Security Box, podcast 58: What the Hell is Going On with T-Mobile?

Hello folks,

This is the link for this week’s program. It is 151.11mb in size.

As a side note, the RSS got two podcasts as we were notified that podcast 56 didn’t make it up and it is now.

Here are the show notes for podcast 58.

The Security Box, podcast 58: What’s the matter with T-mobile? Why are system failures on the rise? News Notes and More

Hello Everyone, welcome to the Security Box, podcast 58. Question: what the hell is going on with T-Mobile and their inconsistancies of containing breaches and lying about what they were going to do when they were granted the murger with Sprint? Who is ENISA and why are they saying that system failures are on the rise? Finally, what is the Chaos Ransomware and why could it have impacts beyond a proof of concept? We explore all of these topics, as well as news and notes from around the landscape on this edition of the podcast. Fasten your seatbelts!

T-Mobile

Here are the articles read that deal with T-Mobile to date. We’re still learning more and nothing is very clear yet. The investigation continues.

Other Topics

News Notes from around the landscape

End of notes

Comments (0)

Other articles that might be of interest

Hey folks,

Here are other articles that might be of interest that we’ve read from the past week.

You’ll see these again as they’re in news notes, but I thought you should probably see these in case you want to send commentary about them for a future program whether it is this one coming up or another one. Hope to see some of you later on, and th link will be provided later on.

Comments (0)

System failures on the rise

ENISA says System Failure is on the Rise is a Trend Micro article that I think we need to review. For the show notes, I’m going to read the bulk of the article as part of the discussion, and Trend Micro links to the reports they’re talking about.

They also have a paper on research in to this area.

Normally I don’t read the articles in full, but this article is quite interesting and has lots of numbers in here that I think are important as part of leading the discussion.

Let me know what you think about this article and some of what it has to say. I’d be curious.

Comments (0)

Nokia subsidiary reveals data breach following Conti ransomware raid – TechCentral.ie

Just coming across this one. Nokia through someone else. Here’s a bit from the article and a link. It didn’t saycustomer data was targeted, but you should read it so you are aware.

A Chicago-based subsidiary of Nokia has admitted to a data breach after it was the victim of a ransomware attack that left systems encrypted and data stolen. According to a letter sent out to current and former employees, SAC Wireless disclosed that an unauthorised third party accessed its systems as part of a ransomware attack [&hellip

Source: Nokia subsidiary reveals data breach following Conti ransomware raid – TechCentral.ie

Comments (0)

the vale complete playthrough

Hi well just uploaded the vale playthrough which I have been wanting to get out for ages.
Look at the blindvms page.
Its on the cutt.us/blindvms, page as always.
Anchor.fm and mixcloud have it to.
Anchor has it in full episode form at least 6 hours though, and mixcloud has it in part form because you can only upload 1 file at a time.
In addition I have made this have its own folder on keybase.
https://keybase.pub/shauneve/valeplaythrough/
There are 5 episodes numbered.

The first is the introduction and is basically the demo.
The second is rivertown itself.
The third and 4th should have been 1 but I had to end it prematurely because dad started mowing the grass and I had to stop due to noise.
Part4 is crow itself and part 5 is basically what was left.
This ends this current itteration of audiogame work and it looks fine.

Comments (0)

T-Mobile is not done, now class action suits are coming

Michael in Tennessee sent this article titled How angry T-Mobile subscribers responded to the latest data breach and its time for t-mobile to come up to the plate and tell us the story. While the show notes of this coming podcast has earlier articles, I infdicate we’re still learning more and this lawsuit hopefully will get t-mobile to think about this long and hard.

I’m not sure we’re done, but there are millions of t-mobile customers who will never see any kind of money. Better read this one if you’re a T-Mobile customer. This is only getting started.

Comments (0)

Chaos Ransomware is something to be afraid of

Hello folks,

One of our other topics as part of this coming week’s podcast is talking about the Chaos Ransomware Development kit. In some similarities, it did at one point resemble RYUK, although its early days resembled more of a Trojan than ransomware activity, but now, they’re in line with the ransomware activities.

Trend Micro indicates that there are no victims yet that have been affected, and its already on its fourth iteration.

For the complete details, please read Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications and prepare for a long list of file extensions it can target. Some you may be familiar with, others you won’t. Just know you’ll be in serious trouble if you do get this.

YOur typical file extension like .txt, .htm, .asp, .mp3, .mpeg, .mp4 and many others are listed. Better look at the article, we sent this to the Security Box list already and finally getting a chance to write about some stuff.

Comments (0)

What’s going on with T-Mobile?

Here is the article list which was read in the past week dealing with the recently reported T-Mobile breach.

We’re still in the informative stages, but we’ll be talking about this on the tech podcast known as the security box for this next week.

I talk about some info from several of the below articles, but they are still in the informative stage, as you’ll see from the titles.

Please protect yourself.

Comments (0)

The Security box, podcast 57: the name game of Ransomware Gangs, Windows Update, and CSAM and apple products

Here is the Security box, podcast 57 as a download. Here is our RSS if you need it.

The file size is 115.7mb for those who want to know.

Here are the show notes for this program.

Welcome to the security box, podcast 57. We have three topics for you today, and I hope that you will enjoy them. The first topic for this podcast will be talking about the name game of the ransomware gangs we have out there. The second topic which was totally forgotten is of course Windows Update and what is happening with that operating system. Finally, probably the most contravercial topic we have to date, Apple and how they’re handling the images that people may have that are backed up in to icloud that deal with children and the potential of abusive images of a sexual nature. We will also have news notes and commentary as well, buckle up as you don’t know what’ll happen with these topics! The program may contain adult content, and listener disgression is advised.

Topics

  • Apple says it will refuse gov’t demands to expand photo-scanning beyond CSAM Ars Technica

    • News and Notes from around the landscape

    The following are items that will be linked here and discussed in news notes for this week. There may be items that are not article related that may not be shown here in the notes.

    There may be more, please check out our blog and email list for more. Thanks for reading and listening to our show!

    End of program

    Comments (0)

    Security News ending August 6, 2021

    I’ve been meaning just to blog the This Week in Security News – August 6, 2021 which was last week’s news. I’ve been getting bad at doing this, and I have this past week’s still to go and look at. This is beyond repair and I must get better.

    • Browser Notification Spam Tricks Clicks for Ad Revenue
    • Survey of 3,600 businesses worldwide calls cloud computing an ‘elevated risk’
    • Homeland Security Releases New Cybersecurity Rules
    • Your Facebook Account Was Hacked. Getting Help May Take Weeks — Or $299
    • The First Half of 2021 Cyber Risk Index
    • 14 Top Cybersecurity Trends to Expect at Black Hat Conference
    • Supply Chain Attacks from a Managed Detection and Response Perspective
    • Ransomware Attackers Eying ‘Pure Data-Leakage Model’
    • US Government Agencies Are Failing to Meet Even Basic Cybersecurity Standards

    Above are the article titles, links are in the article I linked to already. Find something of interest you want to have discussed? Bring it up!

    Comments (0)

    Older Posts »

    go to sections menu

    navigation menu

    go to sections menu