The Technology blog and podcast

Where are teenagers and the threat landscape? They’re just causing havoc with no end in site and unchecked

The big question is, “Where are teenagers and the threat landscape?” In an opinion piece I’d call it, Michael in Tennessee sent an article titled Teens with “digital bazookas” are winning the ransomware war, researcher laments where Kevin Beaumont is quoted throughout the article talking about various ransomware attacks, and the fact that teens have more money to hire and supply attacks better than the defenderscan defend them.

I’ll give you an example. This morning, I got an email that was clearly in Spanish. It also had a PDF attachment that said pdf.rar. The file was named and included a single attached RAR extension.

“Well Jared, what’s wrong with RAR? Its a zip file extension.”

You’re right, it is. But my hunch is, that it has an executable within the RAR file that could in fact infect me.

Whoever sent it doesn’t know I don’t speak Spanish enough to understand most of the email although i got that it said something that was $5€ but beyond that, I have no idea.

The file name I would assume is a file apparently that has instructions for transferring $964,000 somewhere, of course money I don’t have.

I believe Malwarebytes won’t even let me scan this file because its infected and it knows that by scanning on save.

The article talks about a new vulnerability now patched called CitrixBleed which Security Now has covered.

web site

It also goes on to talk about patching and how important it is. Without companies big and small taking these vulnerabilities seriously, our future will be full of problems with no solution because nobody cares.

When Windows asks me to update, I always tell it to reboot and patch. It protects me.

What can you learn about what this article is talking about?

Again, the article is titled Teens with “digital bazookas” are winning the ransomware war, researcher laments and its an eye opening discussion for new people to learn why its important to patch.

Happy reading!

Comments (0)

A couple news articles

Hi all.
This is your co admin here.
I usually don’t do much bar lerk.
However I thought this load should be usefull.
Firstly this one.
https://www.rnz.co.nz/news/business/503487/humiliating-embarrassing-payment-devices-unusable-by-blind-people

Then this one.
https://www.rnz.co.nz/news/world/503486/google-drive-users-in-a-panic-as-files-disappear

Eftpos terminals have been usefull to us but lets face it, of late the last 3 or so years at least, most of the systems are touch.
They do have a screen reader but the reader doesn’t work that well.
I mean you can stray from the touch board, its almost unusable, I have tried.
I have also tested with one of the local banks and they are not and staff saw me struggle with them.
I understand the need for the upgrade, but why all like this.
A bluetooth board with the buttons to hit as an old terminal would be quite good.
Even if it was just the imbedded one they had where 1 2 and 3 did your accounts and then you put in your number and hit enter and have the machine do its thing would be fine.

Not sure why its in the news now.
Next, a lot of us use the google cloud system and to their credit there are usually no real malfunctions so why in gods name is google mum about drive stopping working all of a sudden and losing files.
The net is run on the cloud so its big news when things like this fail.
Anyway jared any of these could make a ttech podcast.
I’d even go so far as being on it with you or other things if you wanted this.

Comments (0)

Its giving Tuesday once again

You’ll probably get a lot of email from various companies about giving to them for specific needs. While I don’t make it a habit on publishing my donations page like others might, I don’t want people to know that this network is small and our content is free to you to consume, replay if you wish and share.

If anyone enjoys the content and wishes to donate, why not donate? We take Paypal directly and we also have links to pay in increments by credit card.

The network takes all major credit cards, so please feel free to do so.

No purchase is necessary to download, we may be able to do comercial free TSB programs if enough decide.

There is no minimum, and I’m going to leave it up to the consumer to choose their amount they wish to give.

Stay well!

Comments (0)

Port Out scams and a note from How To Geek

I’m ever getting closer, and found the following boost on Mastodon.

Tim Appleby: Boosting David Goldfield (davidGoldfield): Criminals Can Steal Your Phone Number. Here’s How to Stop Them https://www.howtogeek.com/358352/criminals-can-steal-your-phone-number-heres-how-to-stop-them/

The link leads to Criminals Can Steal Your Phone Number. Here’s How to Stop Them which is a must read once you get past the links.

Port out scams can happen to anyone. The article has instructions for several different carriers and links where appropriate. They do a great job on explaining what a port out scam is, the fact you need to use something than SMS for two-factor, and give you ideas on what you can use.

Check this out, and pass it to your friends.

Comments (0)

Google Chrome will start limiting ad blockers

Ad blockers are good when they work, and programs like Ublock Origin work well. But Google will start to implement manifest V3 with limitations on blocking advertisers and their tracking. Ublock will practicly be useless as this program has 300,000 rules and you can import more.

While Firefox will also implement manifest 3, Mozilla will not be putting any limitations in place.

Please read the full Ars Technica article TECT SHEEP —
Google Chrome will limit ad blockers star for complete details.

Comments (0)

There is a secretive surveilence program out ther0e and its been around for many years

BrianKrebs: Boosting Dell Cameron (dell): SCOOP: An obscure White House program surveilling over a *trillion* US call records each year is under fire. Sen. Wyden is challenging its legality, urging DOJ to stop prohibiting him from disclosing info he says will “outrage” Congress.

https://www.wired.com/story/hemisphere-das-white-house-surveillance-trillions-us-call-records/

We know about various programs out there that allow for surveilence of people outside the U.S. and for certain situations. But even then, while reading this lengthy wired article that we’ll link to shortly, it seemed to me that anyone calling the U.S. from outside the U.S. was surveiled whether they did anything wrong or not.

I could’ve sworn we covered this on the blog when that came out, but I’m not finding it. Despite this, you can probably do searches that will cover that aspect of things and come out with some articles.

Now on to this article. There has been an on again off again program called Data Analytical Services or DAS.

Unlike these other programs, this particular program was designated a whitehouse program and is not subjected to the scrutiny of other programs.

This program also takes in to account that it collects all kinds of traffic going across AT&T and its vast network, and all kinds of law enforcement can access it through a subpoena if nothing else.

No call recordings are made available, but the most important thing that can be made available to us that we do know is that all kinds of location data is sent to law enforcement and for anything they ever want.

There’s a lengthy letter at the end that Wired has from the senator who is questioning this program. Of course, my network may be familiar with senator Ron Wyden and his championship of making sure privacy is followed to the best of our ability.

Instead of me tearing the article apart, as there may be linking available within it, why not read it and the accompanying article? Its titled 3 1:25 PM
Secretive White House Surveillance Program Gives Cops Access to Trillions of US Pho and it was quite interesting.

If you’ve read the article, what did you think?

Just to end this, this program surveils a trillion phone records each and every year, take that to the bank. I’m sure that this may be braught up on a future podcast, although the article is lengthy including the letter which is diagnosed and talked about throughout the piece.

Comments (0)

Tomorrow on the security hour

Here are notations for tomorrow’s security hour. If you’ve not listened to TSB or read the article, my memory serves me that we’re due for this discussion.

Here are the notes for tomorrow. The Security Hour of Throwback Saturday Night is at 8 CT, 6 PT. It airs on Saturday on the mix, and check affiliates for air times.

---

On today’s program, What Gen Z really cares about when it comes to privacy comes to us from Malware Bytes. Jared covers a few things within the article, but we want people to read the article so that you can get an understanding. The team will discuss their thoughts on this important topic, and Jared can see why the shift is coming. Please sound off in regards to this article, and thanks for listening!

---

We hope you enjoy this program! Throwback starts with music at 7 CT, 5 PT on the mix so come join and take your seats on server 2 early.

Thanks for listening!

Comments (0)

The Security box, podcast 170: Password managers

Happy Thanksgiving from all of us at the Jared Rimer Network. This podcast is pre-taped and was completed on the 20th.

While we recharge our batteries, this podcast is of interest because of the fact that we’ve had an inquiry about one such manager which was said by one person to be a scam and hacking web site.

We go through three of these managers but there are plenty more.

Do you not have RSS? Don’t worry! Please use this link to get the 78.3mb file and I thank each and every one of you for participating and learning with us!

Here are the full show notes as we also bring back our Things to Ponder segment in a different way.

---

Hello folks, welcome to the podcast. We’re talking about password managers in a big way today. Links to the major managers are given. Its not a complete list, and there may be others I’m not aware of that may be trusted or we don’t know much about. We bring back things to ponder in a different way and you’ll get a taste of this in this podcast. I hope you enjoy the program as much as we have bringing it together for you. Happy holidays from all of us at the JRN!

---

Things to ponder

Today, we’ve got two for you and they’re both blog posts.

• How much does social media cost underground?
• Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over?

Want your opinion known in this segment? Send an audio file!

---

Password managers

Below, please find the list of managers we talked about. Again, this isn’t a complete list. Make sure you listen to the first segment which explains why we decided to put this podcast together.

• 1password
• Lastpass
• Keepass

---

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

---

Internet Radio affiliates airing our program

Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Comments (0)

A bit of an older article talking about Swat USA

This article is a little bit older. It talks about Swat USA.

This is a group based in Russia and recruits people to ship things and those people are based in the United States.

They have over 1200 people who are residents who have been muled to ship stolen goods.

Apparently, they were to be paid for doing this, but they’ve not been doing this for a month, and there may not be a promise of getting paid.

The current co-owner of SWAT, a cybercriminal who uses the nickname “Fearlless,” operates primarily on the cybercrime forum Verified. This Russian-language forum has tens of thousands of members, and it has suffered several hacks that exposed more than a decade’s worth of user data and direct messages.

If this is the case, if those people are in places where they can be picked up, why are we not picking them up? I’m not saying we as in you and I, I’m saying we as in the people who are responsible for arresting bad actors.

As usual, Brian goes into detail when he names people, so please feel free to read Who’s Behind the SWAT USA Reshipping Service? and I hope you find this of interest.

We’ll be in touch!

Comments (0)

Toyota confirms Breach

Toyota financial services, a divisionof Toyota Motor Company confirmed a breach after the well-known group known as Medusa took them for ransom.

Its not known if the financial division will pay, but the article titled Toyota confirms breach after Medusa ransomware threatens to leak data has the details we know so far.

I believe we’ve talked about Medusa before, you can definitely search it out and see what you get.

Comments (0)

Want a story on Mirai? Brian Krebs boosted one

Our good friend andy Greenberg penned a very lengthy article about Mirai. We have been talking about Mirai for many years, search it out on the blog.

In this almost 2 hour read, Andy painfully paints a picture in an introduction, two parts and an epilogue.

This is definitely something I think people who don’t know about the story should check out. Andy of course writes for Wired, and so far I found this fascinating. The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story and I read the first part. If you put the article in print view quickly, you can read it, but it is part of Wired’s paywall.

If you can get it to read, we’d love your thoughts. Its too long to cover, although I’d love to read part 2 which covers Brian Kreb’s aspect of covering this story.

Comments (0)

Vistamo Ransomware actor set to go to trial, I can’t wait!

I’ve been contemplating how to write this one up since I saw the article titled Alleged Extortioner of Psychotherapy Patients Faces Trial cross my desk.

Julius Kivimäki is the person’s name who is going to trial, and the article talks about his alleged crimes that he’s been involved as far back as 2015.

In November 2022, Kivimäki was charged with attempting to extort money from the Vastaamo Psychotherapy Center. In that breach, which occurred in October 2020, a hacker using the handle “Ransom Man” threatened to publish patient psychotherapy notes if Vastaamo did not pay a six-figure ransom demand.

This blog post is my original post on this topic, so if you have never read what I originally wrote, please feel free to do that one a read and feel free to send in your comments.

If you read that article carefully, especially the paragraph I quoted, we notated that this suspect has committed at least 50,000 crimes since he was 17 years of age.

As I think about this a little bit more, I hope that he doesn’t get the 5-10 years that a lot of these suspects get, but we all know that this is not how the law works.

This is where Ransom Man is different, as the next paragraph of the more recent article talked about the fact that if Vistamo didn’t pay, the customers would be targeted.

This … is where I draw the line. How could anyone think that your 5 to 6 figure ransom will be paid by people who need some type of medical help for whatever issues they’re going through in life? When I read the following paragraph, I pretty much lost it. That paragraph says:

Vastaamo refused, so Ransom Man shifted to extorting individual patients — sending them targeted emails threatening to publish their therapy notes unless paid a 500-euro ransom. When Ransom Man found little success extorting patients directly, they uploaded to the dark web a large compressed file containing all of the stolen Vastaamo patient records.

But he made a mistake, he had his home folder which pointed to other stuff too. The home folder, is something like “c:\users\jared” within a windows environment.

This is also talked about in the prior article that we linked from the prior blog post where I pretty much lost my mind.

I don’t remember if this particular topic was talked about on TSB, but you could search “Ransom Man” and see what comes up. You may have better luck searching with quotes to find articles and blog posts that cover this. For ease of convenience, I’l put these at the end of this post.

Brian continues to write:

Finnish prosecutors showed that Kivimäki’s credit card had been used to pay for the virtual server that hosted the stolen Vastaamo patient notes. What’s more, the home folder included in the Vastaamo patient data archive also allowed investigators to peer into other cybercrime projects of the accused, including domains that Ransom Man had access to as well as a lengthy history of commands he’d executed on the rented virtual server.

He continues:

Some of those domains allegedly administered by Kivimäki were set up to smear the reputations of different companies and individuals. One of those was a website that claimed to have been authored by a person who headed up IT infrastructure for a major bank in Norway which discussed the idea of legalizing child sexual abuse.

Even Mikko Hypponnen was amazed on the work done to get this evidence in a crime case.

Mikko Hyppönen, chief research officer at WithSecure (formerly F-Secure), said the Finnish authorities have done “amazing work,” and that “it’s rare to have this much evidence for a cybercrime case.”

I agree with Mikko’s thoughts here. We never hear about this much evidence. I just hope that he doesn’t walk away with 2-5 years like most do.

Again, the article is titled Alleged Extortioner of Psychotherapy Patients Faces Trial and I hope you read this update. It is definitely worth the read in full.

What else to read

• We’ve got an arrest, Krebs does a great job on this one
• Hacker charged, hacked psychotherapy center, demanded ransome and went after patients to pay

The first blog post linked within this list links to podcast 120 where we probably did talk about him, but it somehow isn’t in the notes. I guess we’ll see how it goes now that trial is set to begin.

Comments (0)

These are the 4 holiday scams to watch for this year

Its time to really step up your game, 4 scams you must be aware of before you do your holiday shopping. Some of these are not that bad for us, but others may. And remember, I may target the disabled community but that doesn’t mean we can’t share what we learn with those that need to know.

1. ‘Hi, I’m calling from Amazon’

Amazon won’t call you for account problems. Visit its official application or app and it’ll tell you if there is a problem with your account. If you have a payment problem, it’ll tell you right there. If you’re on the web site, logged in, it’ll tell you there. Never give your info to someone calling from Amazon unless you can verify that they are legitimately calling about your account.

---

2. An offer you can’t refuse

If there’s an email out there tehat claims that items you might be searching for are 50 to 75 percent off, it may be fake. Double and tripple check the URL. If you click on the link or press enter, go to the address bar and look at it quickly. Make sure you’re where you need to be. Make sure you read the guide titled Getting Link information via access technology to see how you can protect yourself. Its important that you do!

---

1. I’ll take that, please

Someone left a gift card they scanned at the self checkout line. You get stuck with the bill cause you didn’t notice it. This might be a bit harder for us because we have no idea. Self checkouts are mainly visual, but please pass this one and the next one to your sighted friends.

---

Finally: 4. The fake seasonal job

This might not be a big deal to the disabled, but if you’re a seasonal worker taking advantage of a job for a period of time, scammers may impersonate Amazon, UPS and other big box store shops that hire around this time of year.

Kim has the details on all of these, the article is titled Holiday scams: 4 spreading right now to watch out for and I hope you find this of value.

Thanks for reading, make it a great day!

Comments (0)

Scattered Spider

Scattered Spider is not one of these you want to mess with.

CISA issued an advisory about them and Databreaches published it on their blog.

Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their usual TTPs.

To read more, please use the article linked here. CISA Advisory: Scattered Spider is the article.

Be aware of who these guys are. Thanks for reading!

Comments (0)

More on ScatterSpider or the calm

We’ve blogged about “The Calm” (in quotations) and something we heard via the Cyber Crime Magazine podcast.

Today’s article is titled Data Privacy quick links
Data Privacy
Data Privacy quick links
list end
Tags which I know may be days old, but I’m only blogging things that are of value.

Some information we knew, while there are other things in this article.

This group is fairly loose, and we talked about the Violence as a service aspect of this group.

Hopefully, you’ll find this article of interest, including knowing that there are people in the western part of the country who in theory be arrested for their potential crimes.

Thanks so much for reading!

Comments (0)

Have you been stuck on prime?

I don’t have amazon prime, but numbers of people do. Amazon has been sued because they make it so difficult to cancel the service. While there’s a monthly cost, Kim’s article says that the yearly price is $139 a year.

If you use a lot of the features, great!

If you’re like me, and shop on Amazon a few times a month or less, I just pay the shipping if its less than $25 and its available for free shipping if over.

Amazon makes it so tricky to cancel that the FTC sued – Here’s how to do it should be read if the service is not what you want to pay for.

Comments (0)

How much does social media cost underground?

In case we didn’t cover this, or maybe we did, we’re covering this again. Found this on Kim’s site.

---

Have you ever thought about how much social media might cost if you were to buy usernames and passwords online? The bad news is that it literally costs as much as a burger or a sandwich at a local place like Starbucks or McDonalds as examples.

Some may actually cost more, and could cost as much as a full course meal at a local place like BJ’s Bruhouse for another example.

Check these stats out.

• • LinkedIn: $45
• Facebook: $14
• Instagram: $12
• Discord: $12
• Snapchat: $11
• X (Twitter): $10
• Pinterest: $9
• TikTok: $8
• Reddit: $6

I’m not surprised that Linked In is at the top and costs the most. You can really do damage with this one, because it is supposed to be social media for those in the workplace.

Most are your typical sandwich or burger joint prices while Linked In is at your price for Pasta, Dessert and an adult beverage.

PRIVACY
Bad news: Here’s how much your social media logins cost on the is the article, and I hope you all enjoy learning about this and what you can do to keep yourself safe.

Comments (0)

Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over?

Experian,

I don’t know what to continue to say about your service. While I’ve not been on Mastodon much due to other things going on, I do know that I still read.

I read the article that Brian recently released titled It’s Still Easy for Anyone to Become You at Experian and I’m just at a loss for words.

One major highlight is that I can sign up for an account, using someone’s email address, my info, and no email is ever sent to that person saying that their info is set.

While I read on Mastodon that an SMS is sent to do the verification by link, you can skip that and do it on the computer and nobody ever knows.

Remember that this company suffered a data breach, and this is their security?

• U.S. States Investigating Breach at Experian
• Its about time that experian face the music of their big mistake
• Hey Experian, what is happening? Time to check in with you

That last article, its leading to an article where they apparaently didn’t learn anything and they still haven’t learned anything.

When Equifax had their issues, they used Experian to assist. What?

blog post

I really didn’t go off on that, because I didn’t really know what to think about that ordeal.

Brian writes:

A request for my Experian account username required my full Social Security number and date of birth, after which the website displayed portions of an email address I never authorized and did not recognize (the full address was redacted by Experian).

Why the hell did they allow someone to take Brian’s account over? Brian had to take it back by resigning up? What? Is this not security 101?

He continues:

I immediately suspected that Experian was still allowing anyone to recreate their credit file account using the same personal information but a different email address, a major authentication failure that was explored in last year’s story, Experian, You Have Some Explaining to Do. So once again I sought to re-register as myself at Experian.

Can I just ask a question? Now Brian has lots of experience with this, and I am not questioning his article, but why would I use such a service that allows someone to use my email address to sign up and then give them their info instead of mine? Most services will not allow one to sign up with an email that belonged to someone’s account already. This is fucking discusting, I should say.

Skipping Brian’s experience, he writes:

In contrast, if you try to modify an existing account at either of the other two major consumer credit reporting bureaus — Equifax or TransUnion — they will ask you to enter a code sent to the email address or phone number on file before any changes can be made.

Of course they don’t comment when confronted with this, as the next paragraph says:

Reached for comment, Experian declined to share the full email address that was added without authorization to my credit file.

My question still asks why they allow this to begin with.

Anderson said all consumers have the option to activate a multi-factor authentication method that’s requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?

So they say you should use two-factor, yet it doesn’t prevent shit like this?

Brian goes in to mastodon experiences and other links, so we’ll stop here. But I could see signing up for an account, but I honestly don’t see the point if Experian is fucking lackadaisical at best.

Please read Brian’s full report, this I think is beyond repair. How much more aweful can it get?

The boards await you. There’s plenty more in the article.

Comments (0)

If you’ve got Christmas music going, you might be in the mood to buy

Just looking at email lately and found a newsletter that might be of value to each and every one of us.

Sonos, the product that is in my living area is a nice speaker. I don’t have the latest models, but they were once on the nice list. Better just keep what I have. If it quits, it quits.

Other products that seem to be on the naughty line include anything Google.

Who says this: the latest newsletter from Kim Komando talking about the gadgets that snoop on you.

You might want to read it so you know how to protect others you care about.

Before you buy holiday gifts, check this list for tech snoops is the article.

Three items of interest from the article include:

• Wyze’s smart home app asks for permission to read your text messages. Nope. 
• Bose headphones can track head movements — and may sell that data, along with your email address. Huh? 
• iRobot jumped into AI with the Roomba, and images from inside users’ homes leaked to Facebook. Come on!

We talked about EUFY in the past, I think that company should be boycotted.

EUFY is in hot water, should it be time to remove it?

We also talked about EUFY on podcast 124 of TSB.

Here are other items of value.

• Some good broke bad: Sonos and Bose have been in Mozilla’s good graces for privacy in recent years. They have earned its *Privacy Not Included warning label for the first time.
• Google went from just OK to officially bad: Also joining the formerly OK but now naughty list are (Google-owned) Fitbit and Tile trackers.
• Bad guys who keep getting worse: Amazon, Amazon Ring, Samsung, Microsoft Xbox and Wyze were already on the naughty list, but they managed to get worse.
• AI integration is much more common: It is used in at least 94 of the products Mozilla reviewed. Often, that means your personal information can be stored, studied, shared or all of the above. Two such cases: iRobot’s test-run Roombas’ video recordings were reviewed by humans for AI training. That resulted in images from inside test-users’ homes showing up on Facebook.
• Creepiest product ever: Mozilla added a ton of new products to its roster this year. Some were good, some were bad and others left Mozilla speechless. Almost. It rarely says this, but do not buy the Angel Watch for your child or vulnerable person in your life. This surveillance watch doesn’t have a privacy policy at all!

I know that I am not buying a single thing, maybe I’ll buy an amazon gift card for myself and of course I buy wisely. But Kims article should be read and its entirety. Have fun with this one!

Again, the article is titled Dreamstime.com
SECURITY & PRIVACY
Before you buy holiday gif for your perusal. Stay safe this holiday season!

Just a note, The Mix will start Christmas and holiday automation on Monday, the 20th. The Independent artist channel will start on December 1st if I remember how to set it all up.

I hope you enjoy your holiday season. We’ll be here during it to see what we can do to make sure you’re as safe as possible.

More to read:

• A more thorough Anker response in this piece … maybe things will change for this company
• Anker admits their camerass were unencrypted all along

Comments (0)

Main says it got owned by Klop, Move it breach

The state of Main says that they had a major breach of 1.3 million, although they said later in the article it was over 540,000.

The breach occurred at the end of May. This is quite interesting. Even though I’m a week behind, it was many months, but remember it can take over 100 days to know.

We know that Klop is still out there, whether they are or what is known as their ransomware tactics are still there.

The tech crunch article is titled Maine government says data breach affects 1.3 million people if you want to read it.

Comments (0)

Older Posts »

go to sections menu

---