go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: September 2019

Go to Homepage [0], contents or to navigation menu



What do you think when you hear the words heat stroke?

Let me start off this blog post with a question. What do you think when you hear the word heat stroke? According to Wikipedia, “Heat stroke, also known as sun stroke, is a type of severe heat illness that results in a body temperature greater than 40.0 °C (104.0 °F) and confusion.
Other symptoms include red skin, headache, and dizziness. … Heat stroke occurs because of high external temperatures or physical exertion.” That is what I thought about when I saw this article ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information which was posted on the 29th of August on Trend Micro’s Security Intellegance Blog. In this article, Heat Stroke is not two words, its one, and boy does it have nothing to do with the sun.

As I write this blog post, I’ve returned home from an appointment and it was already 84 degrees at 10 am. We have whats called a heat advisory for the area, and its prolonged heat for many hours of the day.

We can take the heat advisory and weather discussion to this blog post, because it is described as a multi-staged attack to get information such as Paypal credentials, Apple credentials, or anything the developers wish to extract from the victim in which gets the message. The name comes from something in their code, and thats how most of these are named. Its facinating that it would be considered heat stroke, because it has legit looking web pages even though it redirects users based on criteria. This is quite interesting, and I found this facinating how the actors behind this don’t deliver it to certain people if certain conditions are met, but yet, the landing pages know this.

What bothers me about this whole reading is the fact the page seems to do nothing until everything is validated. The actors went to great lengths to validate the authentisity of the data, especially credit card data. I would recommend reading the attached article about this threat, and lets make sure we pass this along to our readers and listeners. Thanks for listening!

Comments (0)

What Capital One’s breach can teach us about access management in the cloud

I recently saw an article What Capital One’s breach can teach us about access management in the cloud and it is a very delicate situation. There are different things at play here, and its going to get interesting as this case moves forward. This is a video which I must have missed. Thoughts on this video? Just watching it as I produce this article post for the blog is quite interesting.

Comments (0)

Teenager gets caught hacking musician accounts

Teenager arrested in UK for allegedly hacking ‘world-famous’ musicians is the article that I spotted today by Cyberscoop staff. According to the article, this guy got caught after he ellegedly hacked in to musicians accounts of various kinds.

A 19-year-old man has been arrested for allegedly hacking the websites and “cloud-based accounts” of “world-famous” musicians, stealing their unreleased
work, and selling the music for cryptocurrency, U.S. and British authorities announced Friday.

The man was arrested in Ipswich, a city in eastern England, after the search of a property there and one in North London, according to an announcement
from the Manhattan District Attorney Cyrus R. Vance Jr., and City of London Police Commissioner Ian Dyson.

The Manhattan D.A. investigated the incident after being contacted by the musicians’ management companies and worked with the London police ahead of the
arrest, according to the announcement.

Authorities did not name the victimized musicians, but City of London officials said they were all American, some of them Grammy-winning, NBC 4 New York reported.

He got access to unreleased material and sold it for bitcoin. Could you imagine if this was someone on the independent artist side? While my internet radio shows now a day deal with strictly independent artists, I definitely don’t want to hack to get the music, I feel that we should share it in a controled environment where they get airplay, as well as us buying it for airplay too. I’ve baught a lot of music, but I also have tried to reach out to see if people would release stuff to the network so they can get exposed to an audience.

One artist wanted me to buy as they didn’t feel comfortable with the aspect of sending it to me, and I complied. I understand their position, and I was happy to buy it. One of the albums got some praise, while others not so much. I definiteluy enjoyed it, but I would never go this far and hack in and steal stuff that isn’t rightly mine. I wonder what would end up happening to him? I guess we’ll find out over time.

If you see anything about this case, I’d love to keep up on it. Let me know what you think of this linked article, and of course it links too to another one as part of the original story. I’ve done the same.

Comments (0)

More great news, another hacker gets caught

According to this article on Cyberscoop: FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew is a great sign that shows that crime does not pay. This is the head of a company, yet, cybercrime can run like an organization like anything else. He is going to be charged in the United States, and he is the first member of this group found to be charged here. This is definitely going to get interesting, thoughts on this one?

This group stole over 15 million credit cards, and remember that we’re not responding to charges we don’t recognize by paying it. We must continue to be dilligent and report charges we don’t recognize.

Lets keep fighting.

Comments (0)

Windows update is out, time to update

Hello folks,

Welcome to another weekend, where we have information dealing on windows update. Patch Tuesday, September 2019 Edition comes from Krebs, and September Patch Tuesday Bears More Remote Desktop Vulnerability Fixes and Two Zero-Days from the intelligence blog at Trend Micro. This is worth reading, and I hope that you do. This is something that we need to pass along, and I am doing just that. Make it a great weekend!

Comments (0)

Latest outages

Hello folks,

We’ve been aware of outages across the network. The provider is aware of it, and it is out of their hands. I am unable to write any more at this time, as its an ongoing investigation. I’m hopeful we’re now stable. Please also welcome our newest contributer and check out the article on Phishing. Very valuable. Thanks again for your support.

Comments (0)

What is Phishing: Learn How to Protect Your Company

Phishing attacks are common security challenges that affect both individuals and companies as they strive to keep their information secure. Cybercriminals execute phishing attacks through email, social media, phone calls, and other forms of communication to steal useful information like passwords, credit card details, and other sensitive information. Businesses are always a worthwhile target for cybercriminals, and it’s important to understand what phishing is to protect yourself.

According to recent statistics, 90 percent of all data breaches can be linked to phishing attacks. It’s surprising that many businesses still don’t understand how to effectively protect themselves from phishing attacks despite the alarming statistics.

With the average cost of a successful phishing attack costing an average of $1.6 million, small and medium-sized businesses should learn how to identify phishing attempts and educate their employees about the risks of such scams.

What is Phishing?

Phishing refers to a cybercrime where the victim is contacted by someone impersonating a respected organization, institution or individual in a bid to lure them to disclose confidential information. It could be a password, personal identification number, or banking details. The information is then used to access target accounts, often leading to huge financial losses. When targeting businesses, phishing attacks can result in the loss of company data, such as revenue figures or tax information.

Traditionally, phishing scams were executed through emails. However, there has been a significant rise in the number of phishing scams carried out through text messages and phone calls. Spear phishing, a personalized kind of phishing attack aimed at a select target, has also been on the rise. It could come in the form of a message ostensibly coming from your bank to update your account information or your employer asking you to sign an important document.

Phishing Scams & Ransomware

Other than getting invaluable confidential information from victims, phishing scams can also be used to execute ransomware on your device. Ransomware is simply a scheme to encrypt data on your device and deny you access to your valuable data. The cybercriminals will then demand a ransom before they can decrypt the files.

According to PhishMe’s 2016 report, 93 percent of all phishing emails contained ransomware. In 2017, the cyber attack on NHS demonstrated how ransomware can bring down even the largest organizations. Ransomware is often spread through email attachments from fraudulent sources. Once you open those attachments, ransomware is directly downloaded to your device. It’s important to learn how to identify phishing scams to stay clear of ransomware attacks.

How to Protect Against Phishing Scams

Most phishing messages can be easily identified as they portray the true intentions of cybercriminals. However, some are well-crafted that just looking at the tell-tale signs may not be adequate. Here are some ways to stay clear of phishing scams;

Use Email filters

Email filters can certainly help to screen malicious emails. Some email providers may have more effective spam and junk mail filters and it’s important to research before you settle on an email service provider. Additionally, you can disable all hyperlinks on email settings if you’re concerned about the dangers of email phishing.

Install Antivirus Software

Always keep your antivirus software up to date to safeguard your business from phishing attacks. The anti-phishing functionality of your antivirus will scan all email attachments and check whether they are malicious or not. Antivirus also protects you from other dangerous threats.

Use a VPN

A Virtual Private Network (VPN) is designed to protect you from threats while browsing the internet, especially when you use a public Wi-Fi connection to access sensitive accounts. An effective VPN will encrypt your data when accessing the internet. However, it’s important to avoid logging into online banking accounts or other sensitive accounts while on unsecured networks.

Summary

Many data breaches can be traced back to phishing attacks. Protect your business effectively from this damaging cybercrime by putting in place the above measures. Ultimately, human error is the biggest risk to the integrity and security of your company’s data. Train your employees on the risks of phishing scams and how they can identify such schemes.

 

Comments (0)

Cybersecurity: 99% of email attacks rely on victims clicking links

I spotted this article entitled: Cybersecurity: 99% of email attacks rely on victims clicking links today and I think this needs to change. We keep seeing breach after breach, but yet, its the same thing that starts it. We’re not teaching anything, but I’m trying to do my part in educating but I can’t do it alone. Lets discuss this ordeal of the fact that we all click and how we can try to do better. Only time will tell, but education is a start, and not rushing through things is another.

Comments (0)

California highway barrier not repaired before fatal Tesla crash

Can someone explain to me why this was not done? According to this article entitled California highway barrier not repaired before fatal Tesla crash we had some serious problems with things on the highway. I’m not sure about these things they’re talking about, but it was a serious problem. The problem we’ve got is that this can’t go on like this, right? Lets say the things they’re talking about were at cross walks to aid the blind and disabled to cross the street, one on each side of the crosswalk. It wouldn’t be across all lanes because they’re to be there for barrier sake. But if something like it was devised for marking the beginning and ending of the crosswalk, and cars can drive over it when slowed, and it was damaged as cars tend to drive fast, then we’ve got problems, don’t we? Thoughts?

Comments (0)

Why is the DMV ellegedly selling your personal data? This article discusses this

I just found an article on twitter that is just beyond repair. You would think that the department of motor vehicles would have your interest at heart. My goal is not to sell any data, goive it away, or have anything to do with that practice. Accpording to this scaving article DMVs Are Selling Your Data to Private Investigators talks about this scary practice. Someone got killed because they hired someone to get the info and killed them. I’m glad I do not sell any personal information about any customer, member of an organization, or contacts that are personal that I have telephone numbers for. We need to bring this to the spotlight and say that this is enough. When is enough enough? Thoughts?

Comments (0)

Accused Capital One hacker pleads not guilty to all charges

I’ve been thinking about this article entitled Accused Capital One hacker pleads not guilty to all charges which I read and was posted on Sep 5 from Cyberscoop. This woman seemed to me like she was guilty, because of her reaction when arrested. I know that you can plead not guilty before trial, and trial can determine your fait, and the United States law allows you to do it. The government thinks Page is a flight risk. If Page was a flight risk, she could’ve been gone after the supposed hack, unless she never had that chance. This is going to get interesting as time progresses. Lets just see what happens, but I’ve been thinking about this a little more. Thoughts?

Comments (0)

Why Social Media is Increasingly Abused for Phishing Attacks

I recently read an article called Why Social Media is Increasingly Abused for Phishing Attacks and I found it interesting. Problem is that its true. While different people have found me on twitter and wanted to start relationships, I’ve been caucious because all of this is text. Several wanted to move to hangouts which is fine, and they ask personal questions. One of these people even went so far as to ask me to open a bank account here so money can be transfered and they can have access because they were in the millitary and they weren’t supposed to be even talking to people around the country. They never called me, and I told them this was not going to happen. Another person started a relationship with me same deal, but when i mentioned that this was only a text message conversation and I don’t do text conversations for relationships.

This type of thing happens all the time, and you need to be on guard. Whether you use hangouts, twitter, facebook, linked in, or any other social media, you need to be careful. You never know what is going to happen. People can ask for relationships and they could be not who they say they are.

The article itself was worth the read, and I encourage everyone to read it. Its definitely an eye opener since all of these platforms are a form of social media in some form or another.

Here is a little more on the social media aspect in regards to the phishing and social media aspect.

for malicious purposes. In the case of social media, there are numerous forms of phishing that occur:

list of 7 items
• Impersonation
• Credential theft
• Propagating attacks
• Data dumps
• Romance scams
• 419 Scams (Nigerian prince)
• Intelligence gathering (for account takeover and spearphishing)

There’s more, I’d suggest you give it a read. I’ll be talking about this article in detail on a future podcast.

Thanks for reading!

Comments (0)

Romanian Cybercriminals Sentenced for Phishing Campaign

I must have missed this, or read it and forgot about it. The article is: Romanian Cybercriminals Sentenced for Phishing Campaign and its another one of these good news stories I just love to share. Crime does not pay.

Comments (0)

Tech podcast 321

The RSS feed has this podcast I just uploaded Completed on the 2nd, i’m posting it late. Its all good.


Welcome to podcast 321 of the technology blog and podcast. In no way am I complaining at all, but I really think that braille transcription software, no matter what you use, should be a tool. When I started lesson 15, discussed in full in the first segment, I found that I seemed very confused. Its not graded yet, and I’m sure I have a few things to correct before my first submission, but I’m confident I’ll understand it. This article entitled Transcription software can’t do it all: Even Braille 2000 doesn’t have every possibility is a written aspect, but the first 30 minute segment goes in to an audio detail of the lesson and my confusions. Next, a very interesting ted talk dealing with storing data and DNA. I mention telephone systems including Live Wire, MyTelespace, and Philmore Productions Voice mail as examples of systems that could utalize this if it were to ever happen and how Philmore Productions could do things better and how Live Wire hasn’t lost any data because of a different backup routine. No trashing is going on here, but the talk and the recent Philmore Productions news about their data made me think about this a little more. Next, Armando is along with a very interesting talk about the Iphone and how we can utalize it without a home button. I relate an experience with a supervisor of a company when I showed him how Voice Over worked, and he didn’t have a home button. Contact info on both sides of the program is given. Thanks for listening!

Comments (0)

Philmore up … Philmore down … are you done with the game?

So its been awhile, and boy, it seems like Philmore can’t be stabilized. Going back on their word on refunds, they talk about the standard business practice of customers requesting refunds for all the downtime. While I can agree with this practice, the company made it very clear that they would do this once the system came up. They have not.

To add insult to injury, let me ask you a question. Would you use something that is not compatible with your system, or would you make sure that it is compatible? I think we have this type of problem now with Philmore productions, and it can’t be good. Turns out, that we still have a computer which continues to reboot randomly, and the cause is the dialogic card, one in which may not be compatible with the software or version of the operating system. I’m being caucious, because I do not know exactly what is going on, but we can confirm that it is not compatible.

What I’ve noticed with this company is something that I’ve seen too much with them. The programming and development of the system is comparible to others I’ve been on, but the transparency or lack thereof, has not been the greatest. Promises and no action, or promises and excuses on why it can’t be delivered.

Long time customers are choosing that this is enough, on their own. While I’ve written blogs, talked about the situations via podcasts in audio, or even in conferences or one on one, the fact is that customers are seeing what this company is really like. This can’t be a good thing for them, and we don’t know or can’t predict whats going to happen. Companies come and go all the time, whether its customer problems, or money or other issues. I’ve been predicting Philmore to be gone for several years now, and maybe this will put the nail in the coffin. I’m not sure, but its all in writing.

One of their customers posted on their bulletin board system talking about all of the past, and how they were tired of it. It was a very lengthy message which we aren’t able to get a copy of, but from what I hear, it was well thought out. The company did confirm that the data was corrupted and couldn’t be salvageable and the tech blog and podcast as well as others close to the network said the same thing.

How much worse can it get for this company? I’m not sure, but only time will tell what will really happen. Comment if you wish.

Comments (0)

‘Satori’ IoT Botnet Operator Pleads Guilty

Here’s an article I read entitled ‘Satori’ IoT Botnet Operator Pleads Guilty and it is complex. Why do I only see these types of things posted on Krebs on Security? Sure, Cyberscoop covers a few of these, but I think stories like this should be made more public which is why I post these. This is a very complex story, and I’m not about to try and dysect this story in to thoughts for you in a blog post. I will tell you that its worth the read, and feel free to comment.

Comments (0)

Have you ever been in a phishing simulation?

I’ve got a question for everyone on this blog. Have you ever been on a phishing simulation where something is sent to you and you’re to determine if it is real or fake? I’ve not, and I’m wondering how we can do that as consumers. Phishlabs has a blog out entitled Phishing Simulations: Should they Reflect Real-World Attacks? This is a real question that I’d love to participate in. I see different types of things I know I’m not to open, but there are times I’m sure I’ve been duped. We all have. Take a look, look at the TTP’s and lets learn together how we can protect ourselves.

Comments (0)

go to sections menu


navigation menu

go to sections menu