go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: January 2021

Go to Homepage [0], contents or to navigation menu

sections menu

fine menu sezioni pagina

The Security box, podcast 27: Breaches of the last year, security predictions, news, notes and more

Hello everyone, the RSS feed has had the podcast for at least a day now. Today has been a bit draining today, although I’ve felt great when I woke up, but then just didn’t have a whole lot of energy as the day progressed.

That being said, I did listen to my daily podcast, and there has been news that came out of that and of course Trend Micro came out with other news I have not read. Some of this will be covered in next podcast, but this podcast does have some interesting topics today.

The RSS does have a lot of the show notes, but I like to be as detailed as I can with the show notes so we’ll have them here for you.

You tell me that you don’t want to deal with the RSS because you don’t have a reader, or you just don’t want to learn? That is OK. Get the 169.67mb file by clicking on the link or pressing enter.

Here are the show notes for this program, and thanks for listening!

Hello folks, welcome to the security box, podcast 27. Trend Micro has a report they do each year talking about the trends of the next year and its worth talking about. Did you know about any of the breaches of the past year? We’ll go through that thanks to Solutions Review, as well. We’ll have news, notes, commentary and more and even a guest to boot if everything goes well. Thanks so much for listening, and make it a great day!

Topics:

  • The Security Predictions from Trend Micro is always something fun to read. We’ll talk about some highlights that might be of interest, and of course, we’ll take questions and comments in regards to this. You can read the article entitled: Takeaways from Trend Micro’s 2021Predictions to learn more. I also posted a blog post with my thoughts on this one, and its available for everyone to read.
  • Are you aware of the biggest breaches of the year? There is a post with videos and text, and we’ll talk about this. Ben Canner, a follower of mine on twitter, tweeted out Solutions Review Presents: The Top Data Breaches of 2020 and boy, is it something that I think we should cover.
  • Cyber Wire Daily has what they call Research Saturday. This is a link to January 9th’s episode on Emotet and I will be summarizing this as part of this week’s program. There is a link to read show notes, and thanks to Overcast for providing a link to the episode, I think its worth sharing.

News Notes:

I think we’re going back to the original format that we started with, its much easier to maintain it that way. If you liked the other format, please let me know.

  • According to Cyberwire Daily, a podcast, President Trump was removed from Twitter for several days, as well as removed from Facebook until he leaves office. The Washinton Post may have an article on this, as they site the post as being where the reports of him being kicked off. The January 7th program talked about the fact President Trump urged people to show their displeasure, although a tweet said to do it peacefully. It made no difference, as people demonstrated and caused problems on January 6th and caused the recount to be delayed. It was resumed later in the evening, and president elect Joe Biden was confirmed. Facebook bans Trump indefinitely; risks ‘simply too great,’ Zuckerberg says and Facebook, Twitter act on Trump’s false messaging after violence at Capitol should be read in regards to the latest on this ordeal. These two articles were read after listening to the podcast.
  • This Week in Security News – Jan 8, 2021 has quite a lot of articles, some of which I had meant to cover but haden’t had an opportunity to blog about.
  • Russian man sentenced to 12 years in prison for massive JPMorgan data heist is a bit of good news after a long bout of wondering if we are going to get some good news. While I published some good news recently, 2021 has gotten off to a great start with this one. This J.P. Morgan breach at the time was the biggest to date for that time, but Solar Winds today tops that. This was well orchestrated, and you should read this.

Things to ponder:

  • Have you ever heard of Swatting? The tech podcast covered swatting and technology and things before, but swatting and Internet of things? Security Now episode 800 covers this in a 9 minute segment which I introduce making the segment over 12 minutes long. Do you really have your security settled?

Comments (0)

Use cloud environments? Better check this out

CISA sent an email about attackers taking advantage of poor cyber hygene. It was released on January 13th, and while it was short, I think this is of value to share.

The first paragraph says:

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques,
including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.

They recommend that people take a look at Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services for people who need it.
For the full article, Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments should be read and I hope that you find it of value.

Comments (1)

Apple’s Game-Changing iPhone Privacy Move Sparks Serious New Problem

Game over! Developers need to find another way to make money if they offer free apps. Its just a matter of time, but this article talks about IOS 14 having this feature. Kate does a great job covering this, so give it a read.

Apple’s game-changing new privacy move is great for users and bad for data collectors such as Facebook. And it could spark a serious new problem, according to reports.

Source: Apple’s Game-Changing iPhone Privacy Move Sparks Serious New Problem

Is it more of a problem for us or for developers? Sound off.

Comments (0)

Sans News Bites reports Minnesota’s Lake Region health care is the next victim on the ransomware is right

In all seriousness, on the next ransomware is right, the Minnesota health system is next up. I took the article from Health IT Security and it is entitled Minnesota’s Lake Region Healthcare Recovering From Ransomware Attack and it is a very interesting read. We did cover UHS in multiple articles from the blog and this particular article first linked mentions this and other health systems we may not have covered.

We need to really get a grip on our security, especially in the health care system. it isn’t enough to indicate that “we’re sorry” is going to cut it in this industry. The COVID-19 pandemic is in full swing, with sports going on and teams getting infected to the point where games are cancelled. One on Jan 11th and one on Jan 12th are cancelled because of the pandemic. Why should our health care have to suffer because of the fact that hospitals need to use other methods to verify care and the like because their operating systems and procedures are so out of date?Its time hospitals read articles like this so they can proactively figure out how to not get infected. Read the articles here, and add this to the list of more ransomware hit facilities and companies.

Comments (0)

Disgruntled former VP hacks company, disrupts PPE supply, earns jail term | ZDNet

The sabotage of electronic records led to delays in shipping critical PPE during the COVID-19 pandemic.

Source: Disgruntled former VP hacks company, disrupts PPE supply, earns jail term | ZDNet

One year should not be the default on sentencing for someone like this. The company could’ve been shut down because they couldn’t deliver, glad they’re not. Problem is that while one year may be a start, big time damage as you’ll read in the article was caused. Should one year be enough?

What do you guys think of someone going in and putting in a secret account and then getting fired just to have them do this? Would one year be enough for you to know he can’t possibly do that to another employer again? My thought is no. It becomes unauthorized access, and that is more than one year from what I’ve read in the past.

Comments (0)

House Passes Bill to Codify and Revamp FedRAMP

The bill would provide $20 million in annual appropriations for the federal cloud security program.

Source: House Passes Bill to Codify and Revamp FedRAMP

Does this mean that the government can finally start figuring out how to do things securely because they’re talking, or is this another talking point? With the worst breach in 2020 still needing to be learned about, I’m not sure this is the answer. Thoughts after reading this one.

Comments (0)

Ubiquiti: now joins the breach department through a cloud provider

This is still a developing story, and several podcasts will more than likely have this as I found another security podcast that might be of interest. Hearing things in a different light is definitely something I’m interested in, so we’ll see what has to be said about this story.

Brian Krebs wrote the article yesterday, and this is huge.

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control
systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider
may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

If you want to know how big they are, the last paragraph says:

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in
over 200 countries and territories worldwide.

I believe Security Now has talked about this router and I wonder what Steve is going to say about this?

The company became aware that information stored by a third party provider was accessed but they did not say which provider they were using. Brian has steps in the article that cover what you need to do if you’re effected.

Ubiquiti: Change Your Password, Enable 2FA is the article, if you’re effected, read it and follow its instructions or call the company for help.

Comments (0)

January Ouch is now available from Sans

I’m going through email and Ouch from Sans is here talking about Securing WIFI. Lots of us are on WIFI, so read the newsletter for this month and see if anything is needing to be done for you.

Comments (0)

Braille Institute says that January is technology month

I read at least one of these books in the following list, have anyone of you read any? The book I read and podcasted about when the books was around is called The Circle and it was a great book. Let’s see what everyone else has read.

I was going through Email, and found an email talking about January being technology month.

Below, the following books are generalized to fiction and non-fiction and are already available on BARD. Check your cooperating library outside the United States to see if these books are available to you.

Non-Fiction

 
Steve Jobs by Walter Isaacson – DB73682 (Spanish version: DB 72993)
Biography of entrepreneur Steve Jobs (1955-2011) chronicles his childhood, education, entry-level jobs in California’s Silicon Valley, 1976 cofounding
of Apple computer in his parents’ garage, and leadership in spearheading the iPod, iPhone, and iPad. Discusses Jobs’ personal and professional relationships
and his 2003 cancer diagnosis.  

Digital Minimalism: Choosing a Focused Life in a Noisy World by Cal Newport – DB94076
Computer scientist presents an argument for reducing the amount of time we spend online. Uses case studies to form a foundation for why to do this and
suggests ways to undertake a “digital declutter.” 

Bad Blood by John Carreyou – DB 91456
Pulitzer Prize-winning journalist recounts his investigation into Silicon Valley startup company Theranos, which claimed its new machine would speed up
and simplify blood testing. Describes interviews with insiders, research into the technology, threats he received as he uncovered fraud after fraud, and
Theranos’s eventual collapse. 

Invisible Women: Data Bias in a World Designed for Men by Caroline Criado-Perez – DB94381
Examination of a root cause of gender inequality–the exclusion of women or preferential bias toward men in research data sets. Discusses the ways these
biases play out in daily life, the workplace, product design, the doctor’s office, and public life, and what happens when things go wrong. 

The Patient Will See You Now: The Future of Medicine is in Your Hands by Eric Topol DBC02757 
A trip to the doctor is almost a guarantee of misery. Eric Topol, one of the nation’s top physicians says it doesn’t have to be that way. You could use
your smartphone to get rapid test results from one drop of blood, monitor your vital signs both day and night, and use an artificially intelligent algorithm
to receive a diagnosis without having to see a doctor.

Megatech: Technology in 2050 by Daniel Franklin DB88590 
A collection of essays forecasting the role of technology in the year 2050. Contributors include journalists, scientists, entrepreneurs, philanthropists,
medical doctors, philosophers, and novelists. In her essay, Melinda Gates envisions what might happen if every woman in the world had a smartphone of her
own. 

The Smartphone Society: Technology, Power, and Resistance in the New Gilded Age by Nicole Marie Aschoff DB98753
Journalist examines the rise of smartphone usage and ways corporations including Google, Facebook, and Amazon have used smartphones to surveil social,
political, and economic activity of users. Discusses the ways users have taken advantage of the technology to create and maintain political resistance
movements. 

Beauty and the Beak: How Science, Technology, and a 3D-Printed Beak Rescued a Bald Eagle by Deborah Lee Rose & Jane Veltkamp DB89590
After a hunter shattered her beak, Beauty, a bald eagle, was rescued in Alaska and relocated to Birds of Prey Northwest, a raptor center in Idaho. Recounts
how scientists and engineers created a prosthetic beak from a 3D printer while her real beak regenerated slowly.

Blood, Sweat, and Pixels: The Triumphant, Turbulent Stories Behind How Video Games Are Made by Jason Schreier DB90959
A journalist who covers the video game industry documents the process of making a game, from initial concept with the game creator through the large team
efforts that it takes to develop a popular game. Includes creation stories of popular games like Diablo III, Halo Wars, and more. 

Cryptography: The Key to Digital Security, How it Works, and Why it Matters by Keith M. Martin  DB101019
Information security specialist presents an explanation of the role of cryptography–often associated with the world of spies–in the world of information
security. Topics covered include what security means in cyberspace, algorithms and what they do, cryptocurrencies like Bitcoin, and potential scenarios
for the use of cryptography. 
 

Fiction

 
Ready Player One by Ernest Cline DB73772
2045. Multibillionaire James Halliday dies, leaving his last will and testament online for the world to see. His massively multiplayer online game OASIS
has a hidden feature–an Easter egg–and the person who finds the egg first wins Halliday’s fortune. 

The Circle: A Novel by Dave Eggers DB77770
Mae begins work at the Circle–a company that reinvented the Internet by creating one transparent identity for each user. Although enthralled by her increasingly
powerful online role, Mae is troubled to learn that the company may have a dark side. 

Jurassic Park: A Novel by Michael Crichton DB32018
Something is terribly wrong at Jurassic Park on a remote island off the coast of Costa Rica. Visitors and residents are being attacked by strange looking
animals that maul them and leave behind a sticky saliva. Dinosaurs cloned and raised by a genetic engineering firm have escaped. Consultants are brought
in to solve the problem, but soon everyone is running for dear life. 

I, Robot by Isaac Asimov DB15779
U. S. Robots and Mechanical Men, Inc, headed by the strong-minded Susan Calvin, manufactures and sells intelligent, human-like robots. Nine stories illustrate
how the robots are programed with the three Laws of Robotics to serve man, despite many of the ingrained fears and prejudices humans have against them.

Feed by M.T. Anderson DB55687
In the future, most people have computer implants in their heads streaming information. Titus has had his since birth, while home-schooled Violet received
hers later. When the “feed” is attacked by a hacker, Titus’s system shortly recovers but Violet’s continues to malfunction. 

Comments (0)

The Big news of the day, Amazon booting a new social media platform off of AWS

Hello Folks,

I placed a call to someone today to catch up with them, and they happened to tell me about an app that was removed off of the Internet by Amazon. Sure enough, I found an article by Cyberscoop about it, and that article is entitled Amazon boots Parler from web hosting service over violent content which was quite interesting.

We know that Social Media has tried to play sensor and delete things that could be questionable. The problem with this is that in the United States, we have the first amendment of what is called Free Speech.

We also know that Donald Trump has been kicked off of both Facebook and Twitter, although from what I heard, he urged people to be civil, and from what I was told today, he was outraged about the violence that took place last Wednesday.

The article in question starts:

Parler, a social media platform favored by pro-Trump groups, was completely offline Monday morning after Amazon knocked the company from its web hosting
services overnight.

Federal law enforcement have continued to make arrests after the January 6th attack on the Capital according to the article. It continues:

Posts on the social media platform were part of the long trail of digital
evidence available to investigators. The mob included white supremacists and proponents of the QAnon conspiracy movement.

Here is an article from the NY Times that talk about the arrests if anyone wants to take a look at that, as it is outside of the technology blog and security aspect of the blog.

The publication Buzzfeed first reported the news that came straight from AWS itself, feel free to read the news if you;’re interested. The ban went in to effect just before 3 am eastern time according to the article.

They link to the Washington Post for this aspect of the story.

I completely understand the problem we have here. You’re trying to get rid of hate speech which could encourage violence, and that is probably a good thing. People may say something that may not necessarily be hateful, but people at these companies could suspend you just for posting something they consider hateful or violent. That, I don’t think is fair.

Also, according to the article, we learn that Donald Trump has been permanently banned by Twitter, following Facebook and their move to do so last week.

Last night, I ended up reading a couple of articles that had to do with Q-Anon, and I wasn’t really going to talk about one until I saw the other. Since this is in regards to a social network being shut down, I’ll say that these guys can probably go elsewhere to do their talking, and there isn’t anything we can really do about it.

One article by Krebs is entitled Hamas May Be Threat to 8chan, QAnon Online and I found it interesting. The first paragraph says:

In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard,
a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by
a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas.

All I’m going to say about the app, and the dealings with these other companies in this article is this: if there are terms of service violations which are apparent, then kick them off the Internet. If not, there is no need to do anything, because we should have the right to have free speech and say so about whatever is on our mind. Unless the government says otherwise, the U.S. has a constitution and so do other places saying we can write, think, do, and speak whatever we want unless we’re threatening people or causing harm.

Just because one says they’re going to “do something” doesn’t mean they will. Sure, there are groups organizing to “do a lot of various things” but is it your jonb to try and kick them off because they were doing something civilly?

Brian links to last year’s article and says that it

examined how a phone call to Oregon-based CNServers was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online
image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global
child sex-trafficking ring and plotting against President Donald Trump.

We know that sex trafficing is a global problem, and I could see someone making a phone call to get that taken off line so nobody gets hurt. I support that. But why take a social media platform offline just because people are organizing? Am I missing something?

The second article in this series All Aboard the Pequod! goes in to more detail on these groups. If you kick them off one place, they’ll go to another place, so it isn’t a big deal since they’re going to continue to organize and cause problems. Maybe the publicity is what they want.

That’s all i have to write right now, but this is a good way to tie all of these articles in to one blog post for today. This is only going to get more interesting as time goes on.

Comments (0)

The Technology podcast, podcast 358: Stripe demo, terms of service violations, and a very interesting dark net diaries podcast

Welcome to podcast 358. The RSS has the program up for you. Here are the show notes for this program.

On this edition of the technology podcast, a stripe demo for you on their app. Also, people getting away with blatently violating terms of service. Finally, Dark Net Diaries had an episode on the darknet and someone who got caught in the crosshairs of the law because they baught and sold drugs on the underground. I hope you all enjoy the program. This program lasts 84 minutes. Enjoy!

The Darknet Diaries podcast can be found by going to dark net diaries on the web.

Don’t have or want to deal with RSS? No problem! Here is the 76.99mb file for you to download.

Thanks so much for listening, and we’ll see you again on the next edition of the program!

Comments (0)

Reserve Bank likely hacked? Should we be backing up to the cloud?

Shaun Everiss sent me the following email this morning.

Hi.

This appeared yesterday just before dinner.

https://www.rnz.co.nz/news/national/434299/reserve-bank-likely-hacked-by-another-government-expert

Everyone is trying to get on this, now its government warfair all over again.

And people say we should back up to the cloud.

I am in the process of replacing one of my backup drives.

The article indicates that this particular breach was caused by a nation state actor who may have breached their third party

In a statement, the bank said a third party file sharing service it used to share and store some sensitive information had been hacked.
Professor of Computer Science at Auckland University, Dave Parry, said the attack was significant.

The article continues:

It was likely to be another government trying to attack the Reserve Bank, he said.
“Because ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so
you’d be more interested probably coming in from a government to government level.”

It also reminds us that this isn’t the first attack in New Zealand, as this blog post talked about New Zealand coming back online after the stock exchange was hacked or apparently anyway hacked.

I’m sure this is a developing story, and if more comes across my desk, we’ll be sure to cover it.

Comments (0)

We’ve got more news … DDO Secrets isn’t being done leaking data … using TOR now

In the back dated department, I remember talking about DDO Secrets in this 2020 blog post: Blue Leaks, this is as bad as it gets which talked about something called blue leaks. Apparently, this was 10 years of archives named blue leaks, and we’ve not heard anything about it nor DDO Secrets till now. To set the record straight as I was writing this, Blue Leaks was the name of 269gb of data that you’ll read about as I take this Phishlabs article apart, no wonder my memory is fuzzy on the name.

Now, Phishlabs has an article on this agency, Activists Leak Data Stolen in Ransomware Attacks and it has lots of various links to various things to boot.

This company seems to have terabytes of stolen emails, documents, and photos
 from various companies covering the range of sectors like finance, pharmaceuticals, software, and manufacturing. So, I guess Germany didn’t do enough to shut them completely down as now they’re back to work causing havoc like every other ransomware group out there. That’s nice!

This is probably the most important paragraph about this group which brings back memories from the earlier post I linked to within this article. While I mentioned it above after I initially wrote this, it is still worth sharing for those who are not interested in linking back to my prior coverage of the Blue Leaks fiasco. The paragraph says:

Stating their goal is to “serve and inform the public,” DDoSecrets claims that the information they are promoting and publishing is already exposed and
that data leaked by ransomware groups often contains information that deserves to be scrutinized. 

Are you sure they have already been exposed and you just aren’t another hacker going after data to make yourselves look good?

Now we’ve also got to worry about double extortion where companies have to pay the ransome and then pay to make sure it doesn’t get out. We’ve learned through other articles that this tactic doesn’t quite work, because these gangs can go on their word and do it anyway. That is what I think this DDO Secrets company is, and I’m sticking to it.

The collection and publication of stolen data by DDoSecrets clearly illustrates why organizations affected by a ransomware attacks have more to worry about
than negotiating a ransom payment. Extracted data is frequently exposed whether or not ransoms are paid. Data stolen in ransomware compromises may be on
the road to a fast and much more public exposure via a third-party. 
 
DDoSecrets has been in the spotlight for publishing hacked documents in the past, including a 269-gigabyte collection of law enforcement files known as
BlueLeaks. After a series of repercussions including a server seizure, they are now hosting a majority of their content on Tor protected sites. 

Now I understand where Blue Leaks came from, this company either stole stuff or baught it, published it, then got it named blue leaks by the community based on the data that was stolen. Now, that makes sense, and I remember now this article said that but I’ve been reading so much as of late.

Since now they host their stuff on TOR web sites, is there any luck on getting it shut down for good? People like this make me wonder why we have the internet anymore; even though we’re all connected during this difficult time. I appreciate my Internet, and I really don’t want my Internet to have problems because of some company like this out loose buying stolen data, putting it out and hurting companies. That isn’t for the greater good, is it? The comment boards await you.

Comments (0)

Chinese web firms ‘bullying’ customers with data, algorithms – consumer watchdog

This is the same China that goes around and sensors their own citizen Internet, go look it up. Now, they want fair buying practices when they tell consumors what they can see, where they can go, and what social media to use? I honestly buy this. The beginning of the article and a link are below to form your own opinion. China, I’m not buying.

Chinese internet companies have been violating customers’ rights by misusing personal data and

Source: Chinese web firms ‘bullying’ customers with data, algorithms – consumer watchdog

Comments (0)

Here is some solar winds news, news ending January 9, 2021

The biggest news this week in regards to Solar Winds is the fact that a court has been hit in the ongoing fiasco that is now being talked about as the biggest breach of 2020 according to Solutions Review Presents: The Top Data Breaches of 2020 which one of my followers tweeted. What I’d like to do is try to get the videos from this and share it on a future podcast, as some may be familiar and some may not. I may just read from the web site and do it that way. What isn’t surprising in this list is that Solar Winds is the breach of the month in December, and from what I’m hearing, companies may be effected but not coming out as of yet.

As I said, courts are the next victim, and this article entitled Federal courts are latest apparent victim of SolarWinds hack and it is a Cyberscoop article. Tim Starks writes for Cyberscoop on this one.

According to the article, Federal courts are a goldmine for criminals, since there are so many cases that go through there. All kinds of cases and all kinds of crimes may be heard by the federal court, so protecting this data is of utmost importance I’d hope.

According to the article, it says:

Going forward, federal courts will only accept filings of highly sensitive documents in paper form or via secure electronic devices, and won’t upload those
documents to its electronic case management system.

“This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not
available to the public,” the office said.

They also write:

“CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform and has identified legitimate account abuse as one of
these vectors,” the agency said.

This continues to be an ongoing ordeal, and I’ve published a blog post about something that may be of interest for those who come here specifically for Solar Winds coverage.

Finally, the article concludes with this paragraph that says:

Via a new technique that CISA has seen hackers use in an incident it responded to, the agency said, “it is possible that authentication can occur outside of an organization’s known infrastructure and may not be visible to the legitimate system owner.”

This may be a major problem moving forward, and I don’t know what the solution of this is going to be if 2021 is the year for huge breaches like this one that can go undetected for over a year.

Next, Sen. Warner accuses White House of weakening statement attributing SolarWinds hack to Russia comes to mind as well. Mr. Warner has spoken out in regards to other breaches, so he’s a good vocal point that we need to have.

The first paragraph may just sum this article up beautifully. It states:

An influential Senate Democrat who will soon chair the intelligence committee on Thursday accused the White House of “water[ing] down” the U.S. government’s
public statement linking a hacking campaign to Russia, and suggested more high-profile corporations had been breached.

Another paragraph later down says:

A person familiar with internal U.S. government deliberations on the matter echoed Warner’s accusation, saying that the White House had weakened the language
attributing the campaign to Russia and that the word “likely” was a surprise inclusion in the final statement.

Spokespeople for the White House and its National Security Council did not respond to requests for comment. Russia has denied involvement in the hack.

Those that may have done it of course don’t want to admit to having any involvement but attribution seems to now be stronger on Russia, even if they don’t want to admit it.

There is a lot of linked stuff here, so I can’t take every paragraph and pull it apart, so just check out the article, and let us discuss it.

Finally, Mr. Trump, if he’s very unhappy now that he’s apparently lost his twitter account for the foreseable future, he mize well find something to do as one of his own people he hired than fired had no trouble finding another job. Mr. Christopher Krebs, no relation to Brian Krebs, found a job at Solar Winds as he was hired to help them figure out what broke and help them get back on their feet. The article SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack is the article I’m talking about by Cyberscoop. Sean Lyngaas wrote this article for the publication.

Alex Stamos, former Facebook Security Chief, also got hired for the task as well.

According to the very first paragraph:

Software provider SolarWinds, which was breached in a suspected Russian hacking campaign against U.S. companies and federal agencies, has hired former
senior U.S. cybersecurity official Chris Krebs and former Facebook security chief Alex Stamos to help respond to the hack and improve its security practices.

Continuing:

Krebs and Stamos will work as consultants for Texas-based SolarWinds as it continues to deal with the fallout of a hacking operation that has roiled Washington
and is considered one of the more significant cyber-espionage campaigns against U.S. agencies in years.

When we first learned about the breach, publications like Cyber Scoop and others stopped short on saying it was espionage, but it has later been confirmed to be such.

Lastly for this section, the article says:

“Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies,” SolarWinds said in a statement. “We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class
guidance on our journey to evolve into an industry leading secure software development company.”

Solar Winds, your mistake was the fact that you took your development offshore according to what I read, and you put security on the back burner. In my opinion, maybe you deserve what happened, and hopefully you’ll learn what not to do next time.

The article goes on to say that less than 10 federal agencies including commerce, DHS, the department of energy, the white house and possibly others we still don’t know about. The article only lists three as example, but I don’t believe we’ve heard it all yet.

Alex was part of Yahoo! at the time we didn’t learn of the many Yahoo! accounts that were breached. I’ve stopped using my Yahoo SBC account and have no plans on using it.

There’s more about each member, lots of links, and lots to read. Have something to say? Register and leave those comments. Its free to do, and we welcome your comments right here, on the tech blog.

Comments (0)

BARD message of interest, January 9, 2021

Bard maintenance notice

The following comes from Bard’s web site, and may be of interest to patrons of BARD.

I went up to look up something, and saw this.

Alert Message

NLS is planning routine maintenance that will begin 11:00 PM, Eastern Standard Time (EST), Tuesday, January 12, lasting 17 hours or less, with the expectation that BARD will resume normal operation by 4:00 p.m. EST on Wednesday, January 13. The NLS main public and Network Library Services websites, Voyager catalog, Text-Only catalog searches, and ThatAllMayRead website will remain available. This maintenance work includes our long-expected move of BARD to a cloud environment. Once operation resumes, patrons will experience no functional change to BARD, but these users accessing the system via a high-speed Internet connections may notice faster download speeds. Don Olson

I hope this message may be of benefit to those using BARD, and thanks for reading!

Comments (0)

CISA releases Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

I’ll have more on Solar winds and some articles I’ve read that night be of interest, but for tonight, I read a lot of this CISA report:
Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments for people who need it. I don’t know if people need this, so I thought I’d share it.
There is information on techniques and procedures the actors have used along with links to other information they released.

If you’re not subscribed to this email list, than I’m supplying it to you so you can have it. I hope this finds interest to those who need it.

Comments (0)

What is going on in the security landscape, news ending January 8, 2021

Hello folks, welcome to a wrapup of what is going on in the landscape of security. In no way is this going to be a complete rundown, however, some of what I’ve read or come across, or even news that I didn’t see that comes across my desk through a digest from Trend Micro.

Let us get started with “This week in Security News” from Trend Micro. I really like covering these posts because they cover a lot, some I may have read, some I still need to read, yet others may just be interesting but yet not worth talking about in the long term.

There are two articles I’ve been meaning to cover that are in my rundown from this news digest that I mise well cover here. The first is Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration and I had to read it from the web version. This is very dangerous because it relies on people using webmail to access their mail. I’ve ditched webmail many, many, many years ago because I personally find it to be something that doesn’t interest me. Even when I signed up for gmail and I finally decided on it for youtube and even now an off site email address, I was not using the website to check my mail.

The good news is that I think that most of us who read this aren’t using this site at all that is referenced. The web site is mail2000tw[.]com or any kind of sub domain. I can’t tell what language it is, I did visit the site via private browsing to see what language it is.

Trend Micro writes:

We discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities
in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that
is widely-used in Taiwan.  With no clear connection to any previous attack group, we gave this new threat actor the name “Earth Wendigo.”
Additional investigation shows that the threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians
and activists, who support movements in Tibet, the Uyghur region, or Hong Kong. However, this is a separate series of attacks from their operation in Taiwan,
which this report covers. 

Other headings within this article include but are not limited to:

  • Initial Access and Propagation
  • Exfiltration of the mailbox
  • Infection of email accounts
  • Service Worker script exploitation
  • and Email exfiltration

The article here is very detailed and I think people need to read this, as it could come to a web mail service near us. Luckily, it hasn’t happened as of yet, but it is definitely something that could eventually happen.

The other thing in this week’s digest of the news is also something that I wanted to cover An Overview of the DoppelPaymer Ransomware is the article and it is also a good one.

The article starts out:

DoppelPaymer uses a fairly sophisticated routine, starting off with network infiltration via malicious spam emails containing spear-phishing links or attachments
designed to lure unsuspecting users into executing malicious code that is usually disguised as a genuine document. This code is responsible for downloading
other malware with more advanced capabilities (such as Emotet) into the victim’s system.

I believe I’ve talked about Emotet on the technology podcast, and it definitely isn’t going anywhere with this new project. This also uses the Dridex malware family (website) which will either download the DoppelPaymer directly or something else.

This is definitely something that is stealthy, troublesome, and something that we should all know about.

The article goes on and says:

Once Dridex enters the system, the malicious actors do not immediately deploy the ransomware. Instead, it tries to move laterally within the affected system’s
network to find a high-value target to steal critical information from. Once this target is found, Dridex will proceed in executing its final payload,
DoppelPaymer. DoppelPaymer encrypts files found in the network as well as fixed and removable drives in the affected system.

Finally, DoppelPaymer will change user passwords before forcing a system restart into safe mode to prevent user entry from the system. It then changes
the notice text that appears before Windows proceeds to the login screen.

The new notice text is now DoppelPaymer’s ransom note, which warns users not to reset or shut down the system, as well as not to delete, rename, or move
the encrypted files. The note also contains a threat that their sensitive data will be shared to the public if they do not pay the ransom that is demanded
from them.

According to the FBI notification, DoppelPaymer’s primary targets are organizations in the healthcare, emergency services, and education. The ransomware
has already been involved in a number of attacks in 2020, including disruptions to a community college as well as police and emergency services in a city
in the US during the middle of the year.

DoppelPaymer was particularly active in September 2020, with the ransomware targeting a German hospital that resulted in the disruption of communication
and general operations. It also fixed its sights on a county E911 center as well as another community college in the same month.

The following is what is recommended by Trend Micro in regards to this one:

  • Refraining from opening unverified emails and clicking on any embedded links or attachments in these messages.
  • Regularly backing up important files using the 3-2-1 rule: Create three backup copies in two different file formats, with one of the backups in a separate physical location.
  • Updating both software and applications with the latest patches as soon as possible to protect them from vulnerabilities.
  • Ensuring that backups are secure and disconnected from the network at the conclusion of each backup session. 
  • Auditing user accounts at regular intervals — in particular those accounts that are publicly accessible, such as Remote Monitoring and Management accounts.
  • Monitoring inbound and outbound network traffic, with alerts for data exfiltration in place.
  • Implementing two-factor authentication (2FA) for user login credentials, as this can help strengthen security for user accounts
  • and Implementing the principle of least privilege for file, directory, and network share permissions.

As with all things troublesome, making sure we have our backups is the most important thing. I personally pay for dropbox for that purpose, and I am sure glad I have!

The Hacker News has an article entitled: FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack which I have not read. Cyberscoop has articles dealing with Solar Winds and some fall out. They are:

The last two go hand in hand, but all in the above list are interesting, saying that Russia has been to blame in varying paragraphs. That is why I link all of them in this section because it is the latest we have, and I can only imagine Trump going ape over his accounts being suspended. With what has gone on, its about time that the companies do something to curve his behavior, even if it indirectly was responsible for the attacks that have been in the news as of late. Read all of these articles linked above in the above list because they are all good and vary in content. several of these articles may be linked in podcast content in passing for news notes, but its all informative. articles will

Another article that is worth talking about is protecting your kids while learning at home. This article How to Protect Your Kid’s Privacy While At-Home Learning goes in to detail on this.

The beginning of this article says:

Why Trend Micro
Research
Support
Partners
Company
?
navigation region end
?
Privacy & Risks
Share
Print
article
Privacy & Risks
How to Protect Your Kid’s Privacy While At-Home Learning
Many kids now have school-supplied computer equipment away from the school network. However, with this come privacy and security concerns. Some are easy
to avoid, but others need some modifications to ensure safety.
By: Stephen Hilt, Erin Johnson December 22, 2020Read time: 5 min (1381 words)
Share
Print
?
——————————————————————————–
main region
With the pandemic forcing many people to work and attend school from home, there has been a major shift in the use of technology for many businesses and
learning institutions. And this has brought a lot of interesting findings, at least from my own.
My kids have been attending school virtually this year, and I’m glad that schools can offer options and provide a high level of education virtually during
the Covid-19 pandemic. One of these options is the use of Chromebooks. While many US school districts have been providing Chromebooks to children at school
for some time, the scale of this need changed significantly in 2020. Fortunately, some school districts have found the ability to get more computers for
students who need them at home.

While I applaud the schools for providing people who need them the computers, the article talks about how schools are locking down even the network at home because it is signed in to the same google account even though the provided computer is not even being used. This goes beyond the reach of my understanding, please read Trend Micro’s article on this.

One of the things I heard in a new podcast I just subscribed to called The CyberWire Daily mentioned software called JetBrains, another piece of software that may have been compromised. I have not read Investigation Launched into Role of JetBrains Product in SolarWinds Hack: Reports but it is interesting that yet another company may be involved in one of the biggest breaches we’ve ever known.

Here is what the clip of this article states. Again, i’ve not read this, so I have no more info except what I heard on the podcast.

Cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by
JetBrains to achieve their goal. JetBrains is a software development company based in the Czech Republic that has offices in Europe, Russia and the United
States. The company claims its solutions are used by over 9 million developers across 300,000 companies around the world.

We can’t forget phishing. Email threats are going to rise, and with that legitimate domains may be used. Also, RYUK is still being used more than ever, something called Hastebin is being used to deliver fileless malware called Hastebin and much more. To read the entire article of what is going on this week from Trend Micro, please go on over to Trend Micro’s blog: This Week in Security News – Jan 8, 2021 to read all of the details.

Finally, we’ve got some great news I always like to cover. Russian man sentenced to 12 years in prison for massive JPMorgan data heist and that i good news because J.P. Morgan’s breach was one of the biggest to date for its time.

Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether
from the hacking, the Justice Department said in a statement.

We should back up and start at the beginning though: The article states in part: A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors
say involved the theft of personal data from over 100 million customers of big U.S. financial firms.

The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working
with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers
then sought to inflate stock prices by marketing them to people whose data they had stolen.

There is definitely more, and more that I need to get out in regards to Solar Winds but I’ll do that in a separate article as Solar Winds is just as interesting alone as it would be in a roundup like this.

This completes the news notes, did you find something of interest? Why not get in touch? Comment on the blog! Write an Email! Use whats app, email/imessage or any other contact info you want! We’ll be waiting.

Comments (0)

Have you read Trend Micro’s year in review yet? Its quite interesting as usual

The Year in Review for 2021 was released on Trend Micro on the 8th of December, 2020. It is definitely a facinating read every time I read it, and Trend Micro isn’t far off. There is always room for error.

I’m always facinated in regards to Trend Micro and their predictions report that they come out with each year. This time, Takeaways from Trend Micro’s 2021 Security Predictions is the article and there’s a lot here.

In the next Security Box, I’ll Text-to-speech this article as it’ll go faster, and we’ll discuss it.

I think one of the biggest and continuing threats in this landscape will be the continuing ordeal of the pandemic as well as the actors keeping up with what people want to know.

Home offices as hubs? You bet. With more people working from home and that not changing for the foreseeable future, criminals will be wanting to utalize any connection they can to get their wares out in to the world.

For example, I used a website tpo see an IP address to try to see if it was reported as spam. It was a malicious spam message, but the IP was a fixed landline internet connection. That makes it a bad IP. Because it sent me Spam, I had no choice but to report it, although I felt bad. The site, which I may rtalk about on a podcast of some sort, is a site that collects data on various trends of Spam, hacking and other aspects of attacks. I don’t exactly know what they do with it, but if I see something from the same range, I can block that range of IP’s from coming to my web site and spamming me. This is especially true if it is an IP designed to push traffic to their next destination such as your hosting provider, it isn’t supposed to visit the web and send Spam.

Covid-19 isn’t going anywhere, in fact, California is so out of control we’re out of beds in the ICU. Actors are going to take advantage of this, and Phishing and ransomware have been sent based on this devistating tragety which has rocked the world. It is unfortunate, however I don’t think we’re done with that aspect of attacks as of yet.

The next major heading they talk about here is Digital transformation efforts as a double-edged sword (if not done right). This section is really meant for business and not necessarily for consumers, so when you read the article, know that I’m thinking of you as a business. Consumers must read this to understand what is happening in the business world, and it was a definite interesting read.

To read the full article which links to Turning the Tide: Trend Micro Security Predictions for 2021 which you should read the first heading: “What At-Home Workers Need to Know.” Thanks so much for reading.

Comments (0)

The Security Box, podcast 26: Solar Winds, apps for spyware and more

Welcomne to the security box, podcast 26. We have a 229.68mb download and our RSS to boot.

You can search my name, Jared Rimer, to get my podcasts on apple podcasts, overcast and others if you wish. I checked it out in overcast, and both this one and my internet radio program is available.

Since this is a blog post in regards to the Security Box, we’ve got lots of notations that were not included in its RSS, so I guess its time that I put the whole show notes out there for you to read since I pointed people to the blog there.

Here are those notes.

Hello folks, welcome to the security box, podcast 26.

Topic continuing:

The topic of Shaken and Stir will get its wrapup from podcasts 21 and 23.

This should be the last of this as we don’t have far to go with it.

Things to ponder

  • I can’t believe that we are talking about spy applications that could spy on people while they use their phone. There are applications for Mac, IOS, Android, Windows Mobile, Windows PC, Symbian, HTC and others.

    Some of the most famous examples of these monitoring applications are iSpy for iOS and Freezy for android phones. Other examples include SpyFu for Mac, Rxected for iPhone, logger for Blackberry, Cloner for Windows Mobile, GoArtical for PSP, CoolMobile for Windows Mobile, MyTrace for iPhone, MyTrace for Android, MyTrace for PC, Sonar for Symbian, ATOM GPS for HTC, ATOM GPS for Windows Mobile and PC.

    Are you a parent, and what do you think? The article is well written and I’m not bashing the article, nor the web site, but the practice of using such an app when children can find these apps if they think they’re being tracked. What about the web site practices? From koolwebsites.com, we have: Watch Your Kids with Mobile Spy Apps is the article and I hope this sparks some discussion. blog post from the tech blog with comments are also available to you.

    • News Notes

    Arrests

  • We start off with some good news in the arrests department, where 21 people from the UK and other places were picked up for using stolen data from a now defunked site calledWeLeakInfo. Besides learning about these 21, we learn about others too. Quoting: the article says:

    “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. … “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices,” the NCA said. “Many more of these visits are due to take place over the coming
    months.” “As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and
    crypters,” the agency said. “Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.”

    Let that last one sink in a little bit. Article: UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

More News Notes

  • Boy, Ticket Master sure does seem to be the bad guy. They ended up paying $10 million because they illegally used passwords they obtained from former employees of another company to see what they were up to. Is this the right punishment for such a big company who sells tickets to many different types of events? Tickemaster pays $10M fine to settle charges of using stolen passwords to spy on rival company is the article, and boy is this big.
  • I have some security news coming out of the United Kingdom in this blog post which might be of interest to people if they haven’t seen it already. The article talks about WeLeakInfo and Cyber Scoop does a good job covering this one. I put it under arrests for more info, but my blog post does have other odds and ends on it too.
  • The blog has plenty of news on Solar Winds and I even have a three part article which you can go find. I know we’re not done with that.
  • Travel Booking company pays out money for 2016 breach was talked about on my blog, and boy was it a big headache for the travel company.

Want to comment? Feel free to get in touch! Contact information is throughout the program. Thanks so much for listening!

Comments (0)

Older Posts »

go to sections menu

navigation menu

go to sections menu