
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: January 2021


The Technology podcast, podcast 359 for January 29, 2021

The technology podcast was posted to the RSS feed yesterday, and this is the download for the podcast. It’s an hour, and covers several different things.

Welcome to podcast 359 of the technology podcast. I’m Jared, and it’s time to bring you another podcast.

Today, we’ve got something I think you’ll be interested in as I talk about something that has been around awhile that seems to be finally dismantled, at least for now. What might that be? It’s called Trick Bot. I heard a podcast about it and how it has pretty much fallen, but yet, it’s still around according to an article I’ll be talking about and reading later.

Next, I talk about Weather Gods. It’s one of many different apps on the app store. I posted on the tech blog and on Applevis in regards to this topic, and I chose this app because of my needs, and something I feel isn’t fair called double extortion. There is a paid app, and then they want us to pay for a subscription for what I can get for either beta testing, or paying for the subscription. Thoughts are welcome.

Finally, could Net Neutrality be coming back? According to a podcast, it might be, and I talk about it here instead of the security box.

Contact info is at the end of the program as usual.

What to read or listen to:

Thanks for listening!


Sans news bites for January 29, 2021

This is the link for today’s sans news bite. I don’t know if this will work for everyone, but we’ll try. The Security box will highlight what is in the newsletter, but we’ll post articles as appropriate on what we think we should cover. Let’s try it.


The Security box, podcast 29: messaging applications, cloud security, news, notes and more

Hello folks, welcome to the security box, podcast 29. While the show notes have the topics on hand, the show notes on the RSS did not cover any of the news notes items.

Don’t want RSS? No problem! Here is the download of the program (147.07mb) for you to have.

Now, without further ado, let’s get those show notes out for you.

Welcome to the security box, podcast 29. On this episode of the podcast, what seems to be the problem with messaging applications such as Whatsapp, Signal and others when it comes to their security? What do you think of for cloud security for 2021 as the pandemic continues? We’ll have news, notes, questions, comments and more including bits from Sans News bites, Trend Micro and more.


  • Security Now episode 802 was released and broadcast the week of January 19, 2020. On this podcast, are we really concerned about what application we choose to use to message? Steve says that it doesn’t honestly matter, as metadata isn’t all that big of a deal. Who really cares if phone numbers, time of messages, and even how long audio messages may be? There are apps discussed for more private communication, but metadata doesn’t cover the content of the message itself. From Steve’s introduction, taken from his Security Now page, he writes in part:

    Then we wrap up by looking at various aspects of the frenzy caused by WhatsApp’s quite predictable move to incorporate its users’ conversation metadata into Facebook’s monetization ecosystem.

    This segment lasts roughly 20 minutes as I play the segment for all to hear. What do you think about this?

  • What about cloud security for 2021? The Top Worry In Cloud Security for 2021 is the Trend Micro article, and I found a video on their youtube page that seems to voice the article. We’ll play this video and we’ll discuss. Cloud Dynamics: Top Cloud Security Challenges for 2021 is the video. Your thoughts are welcome.

News notes and more

  • Cyberwire Daily for Friday, January 21st is talking about an Android app called “daily food diary.” Apparently, this app doesn’t just care what you’re eating as you are to take pictures of what you’re eating, but it wants contact permissions, phone call permissions, foreground permissions, runs in the background, exfiltrates data, and more. Check out thecyberwire.com web site for more and for a link to the episode. “I can’t believe I ate all of those fries the other day” should probably not be written in this app, but using another application.
  • The Cyberwire Daily reports that Malwarebytes, a company talked about quite a bit on Andy and Josh’s tech talk and Music show, recently got bitten by the actors that may have been responsible for the Solar Winds breach. According to Cyberwire, the actors may have gotten to some of Malwarebytes’ email access through Microsoft 365. Malwarebytes does not use Solar Winds products, the podcast states. UNC2451 is the name given according to the podcast, and it seems to be a name of a particular group. This link is the link to the notations for the podcast which I’m writing about.
  • There’s always plenty in the news notes sections of Trend Micro. Some may include articles on APT attacks, an article on Malwarebytes and their compromise by the supposed Solar Winds folks, VPN filter and how it is still being used as routers are still compromised, a phishing scam that left thousands of passwords searchable through Google, a bug in Signal and other apps that allowed attackers to listen in to calls, CISA warning about hackers using phishing to get at cloud services and more. If there is something that is of interest to you, I’ve got this week’s news, news ending January 22, 2020. Here’s the link to the article for you to peruse.
  • In a very interesting turn of events, we learn that someone who was to be released on Covid concerns will not be released. On the 22nd, I read an article that indicates that a hacker must stay behind bars, even though a judge said that he would be released due to Covid concerns within the place he was staying. He also was charged with new charges. The hacker in question stole personal data on 1300 U.S. Military government employees and gave it to an Islamic State hacker. The person’s name is Ardit according to the article. The new charges, according to the article, stem from activity he has done behind bars. There’s more to the article, read it as it is entitled: New Charges Derail COVID Release for Hacker Who Aided ISIS. This article was written by Brian Krebs. I found this interesting. Another article on the same story is: After judge orders release of hacker tied to ISIS, US says ‘Not so fast’ which was written by Cyberscoop’s Jeff Stone.
  • A Health insurer, Excellus, penalized $5.1M by HHS for data breach. According to the article, the $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA) which has a good start in protecting our data, but I’m sure it isn’t enforced. We’ve had too many breaches in the health care industry, and it’s time to send a message to health care that our data is important. Health insurer Excellus penalized $5.1M by HHS for data breach is the article, and I think it should definitely be read.
  • Rob Joyce is now the new NSA cybersecurity director, according to an article written by Cyberscoop’s Shannon Vavra. He replaces Anne Neuberger as director of the agency’s cybersecurity directorate. Anne will be joining the Biden team according to the article. For full details and links to other items, why not check out the article Rob Joyce named new NSA cybersecurity director for full details?

Thanks so much for checking out the program, and I welcome your questions, comments and concerns! Let’s talk.


Another Jaws update for January, minor changes

Jaws got another update in January, as I had an issue in which I needed to restart Jaws. I’ve not gotten a chance to look until now, but these changes are minor.

Enhancements in JAWS 2021.2012.57 (January 19, 2021)

This update addresses a few key issues that were reported shortly after the January 2021 release.
To download the latest release, visit the Downloads web page.

You must be logged on as an administrator to install this software.

  • A new feature was introduced earlier this month, designed to let a user change the volume of JAWS speaking or the system volume itself using a layered keystroke: INSERT+SPACE, V followed by J for JAWS or S for System. Since this change, Eloquence users reported hearing Ticks when reading and typing, especially around the letter O. We also had reports of the volume randomly changing when reading documents or web pages. These issues are now resolved.
  • Resolved an issue where pressing INSERT+ALT+SPACEBAR was not starting the Voice Assistant in JAWS or Fusion.
  • The JAWS voice commands to speak faster or slower now adjusts the speech in larger increments.
  • Addressed an issue where JAWS was not reading table headings in Excel.
  • Added a new JAWS Dictionary entry for “DocuSign.”
  • When spell checking a document in Word, resolved an issue where JAWS was not reading as expected when navigating by word through the text containing the error.
  • Resolved an issue where attachments were not being reported correctly in the Danish version of Outlook 2019.
  • In the Italian version of JAWS, addressed an issue where the keystrokes to access the Braille and Text Viewer layer, as well as the Volume layer, were not working as expected.

For complete details, links and more, Go on over to this Jaws 2021 web page and thanks for reading!


Accessible Apps releases new version of Chicken Nugget with updated features

I’m a few days behind on this, but Blind Bargains is reporting that Chicken Nugget got a major update with new features and some changes in some keystrokes. I used to use Chicken Nugget until it stopped working.

The apps that were used for the blind are inclusive to Chicken Nugget, TW Blue and Qwitter Client. Qwitter Client has not been heard from in quite awhile, and when Chicken Nugget didn’t get authenticated after a Twitter change, a lot of us abandoned Nugget in favor of TW Blue.

While I have used all of the apps in the above paragraph, I can’t say which one I like better since they all pretty much work the same. To read more from Blind Bargains, click on: It’s Back! Accessible Apps releases Chicken Nugget version 4.71, bringing AI image descriptions, new sounds, and More and feel free to comment. Hope you all enjoy the great news of this once popular app.


iOS 14.4 is out, bad news for braille readers

I’m saddened at the lack of responsibility of Apple when it comes to braille support. While I don’t have a braille device to use with iOS, there are a lot of people that use braille on all of their devices because they need to. The voice support is awesome, and yes, there could be bugs in this release that could degrade the usability of the device, but that comes with the territory.

AppleVis talks about a braille display made by APH, who advises not to update to iOS 14.4 until they resolve the issue. While AppleVis is a small team, braille users who rely on iOS need to tell Apple how important it is they fix these issues.

For complete details on iOS 14.4 and what is fixed and broken for the disabled, read [Updated With Important Warning for Braille Display Users] Apple Releases iOS 14.4 and iPadOS 14.4; Bringing a New Direct Touch Setting for VoiceOver Users and thanks for reading. Do make it a great day!


This phishing scam left thousands of stolen passwords exposed through Google search | ZDNet

This is one that is hard to quote and really write about, but I saw it while preparing for the news notes and wanted to read it. ZDNet is full of ads, which are not harmful, but they make this hard to read. The content however is of importance, and should be viewed as this can happen to any sector or business.

Source: This phishing scam left thousands of stolen passwords exposed through Google search | ZDNet


Site updates and checks

Hi all.
Welcome to another administration update.
With the systems in place for security as well as updates for automatic plugins and blogs bar themes I don’t need to enter the site that often these days.
Since last update
With the event of PHP 8 becoming a thing, I have emailed the other admin to start requesting the upgrade as soon as feasible.
I don’t expect it to be needed for a couple years but since the last update took ages and ages to get in when it was needed I am putting it out there so it comes when it comes.
For admins, the PHP test plugin that’s been on here for ages is removed because it was not updated with later PHP versions.
Some themes are updated or removed due to WordPress versioning, and are mainly for admin users to note down.
There seems to be a top down notification and status update control panel I didn’t ask for that came up on launch of admin which is useful.
There are updates to a lot of stuff but the control panel shows everything from security, to what the various stats and security sensors are doing.
Granted, 99.9% of that is via sitekit but who cares, it kicks ass literally.

We have had 1 user breach the system that was removed, 1 out of more than 102000 odd blocks and brute-force attacks since the new security system came online.
The user never made it past verification and was stopped at the border.
A pity we can’t deal with covid like this.
For those looking you will have noticed 5 posts scheduled for publishing between January and November of last year are published.
They appeared as unpublished, one had no title, another had Halloween spelt wrong, twice.
No idea why the schedules didn’t execute when they were supposed to but they are published now.
These are out of date and won’t show up unless you read back through archives and are old news but they are finally out.
Note that due to how the site runs I won’t be checking it daily, it’s more like every 3-6 months.
The site emails me and other admins when it does anything.
The Jetpack service will tell me if the AI shuts down.
The site will tell the admins if it’s hacked, or updates itself.
So yeah, that’s what is going on.
I will be away from 18th February to 18 April on several road trips, though I should have my workstation and some access.
This assumes the latest covid case which is one of those 3 week variants doesn’t cause enough strife to order another system reconfigure.
If that happens everything will be shut down till the software will be updated.
Right now it may just be a deal with the breach just like I am dealing with the security subsystem.
Let’s hope we don’t go into a clean-install Windows mode, I have been looking forward to this holiday.
Work for me has been slow though I have just completed a configuration update for an older system and may have another contract for that system in the future.
I have tried to and for various reasons not gotten 2 contracts this year.
I won’t really push for actual work till june or maybe may, giving enough time to get some stuff sorted out.
In other non tech news, I have been cleaning out cupboards and finding stuff I have not used in ages.
The podcast for blindvms tech supplemental hasn’t had content for a bit but I plan to do something at some point soon.
At this point, I am thinking about doing a cast where I use technology instead of talk about technology.
Cast will still be the same.
Obviously I will talk about the technology I am using.
This series will be still in the blindvms list of episodes but will focus on my roadtrips.
I am fully aware that 99.9% of the world is putting out fires right now, from the smoking servers of hell and while New Zealand has its own fires we seem to be ok.
While that continues I will try to put out some of what I am doing.
I know a lot can’t travel at all so I will give recordings of various things.
At least that’s the plan.
I have a new Olympus LS-P4 and will be getting the 32gb card for it today.
After looking at all the cards and best speeds, I will be getting the new SanDisk Ultra 32gb at 120mbps which is one of the newest Ultra models.
Compared to the Extreme costing 50 bucks it’s about 21 bucks so there you go.
Laters for now, it’s time for breakfast.


White Cane Travel expiring tomorrow? Nobody called me to tell me about it!

I just love these types of forms. In the following example of things really to watch for, I’m going to show you a little bit of information about when my web site white cane travel expires. According to the form, it is to expire later on tonight if no payment for registration is made. I checked with a registration database and it expires in March, which means, I’ll be billed at some point next month. Have you seen anything like this before? Here’s the post for you to see.

I love these types of forms. First of all, it’s the 22nd of January as I am seeing the following form, and my domain is still active. The registration expiration date for the domain is 2021-03-06 which is March of this year. I’ll be billed next month at some point to renew the domain. This guy didn’t even get anything right as domains just don’t get expired due to non-payment. I have a valid telephone number in the WHOIS directory, which we’ve talked about on the Security Box. I believe it is all hidden now from most people, but I have contact info on the site for those who need it. Check out this contact form I just received on January 22, 2021 as it was sent last night. What fun!

Below is the result of your feedback form. It was submitted by () on Thursday, January 21, 2021 at 21:32:37

name: Joe Miller
phone: +1542384593234
method: Phone
to: Jared Rimer
bug: No
additional_bug_info: Notice#: 491343
Date: 21 Jan 2021



We have not received your payment for the renewal of your domain whitecanetravel.com

We have made several attempts to reach you by phone, to inform you regarding the TERMINATION of your domain whitecanetravel.com

CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga


CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga


The submission notification whitecanetravel.com will EXPIRE WITHIN 24 HOURS after reception of this email.
comment_or_question: Notice#: 491343
Date: 21 Jan 2021



We have not received your payment for the renewal of your domain whitecanetravel.com

We have made several attempts to reach you by phone, to inform you regarding the TERMINATION of your domain whitecanetravel.com

CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga


CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga


The submission notification whitecanetravel.com will EXPIRE WITHIN 24 HOURS after reception of this email.

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/87.0.4280.141 Safari/537.36

The IP: is a data hosting transit IP according to a site I use and found called abuse IP database. I’ll talk about it in a future podcast of some sort.

According to the records, the IP belongs to GlobalTelehost Corp. The domain listed is gthost.com. They show it in Canada. The IP was reported 20 times with a 32 percent rate of it being spam.
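The checks walked through in this post (the claimed deadline against the domain's real registration expiry, where the payment link points, the callback number, and the automated browser in the user agent) can be scripted for contact-form triage. This is an added example, not code from the blog: the function names, finding labels, `grace_days` and the `registrar.example` host are assumptions, and the sample submission is reconstructed from the form quoted above.

```python
import re
from datetime import date, datetime, time, timedelta
from urllib.parse import urlsplit

# Sample reconstructed from the form quoted above (links stay defanged).
SAMPLE = {
    "phone": "+1542384593234",
    "received": datetime(2021, 1, 21, 21, 32, 37),
    "user_agent": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                   "AppleWebKit/537.36 (KHTML, like Gecko) "
                   "HeadlessChrome/87.0.4280.141 Safari/537.36"),
    "body": ("Notice#: 491343\nDate: 21 Jan 2021\n"
             "We have not received your payment for the renewal of your "
             "domain whitecanetravel.com\n"
             "CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga\n"
             "The submission notification whitecanetravel.com will EXPIRE "
             "WITHIN 24 HOURS after reception of this email.\n"),
}

URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>\"']+", re.IGNORECASE)
DEADLINE_RE = re.compile(r"within\s+(\d+)\s+hours?", re.IGNORECASE)


def link_hosts(text):
    """Hostnames of all links, defanged or not. Nothing is ever fetched."""
    hosts = set()
    for raw in URL_RE.findall(text):
        url = re.sub(r"^hxxp", "http", raw.rstrip(".,)"), flags=re.IGNORECASE)
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_trusted(host, trusted):
    """True if host equals, or is a subdomain of, one of the trusted names."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def nanp_plausible(phone):
    """+1 numbers are 1 plus 10 digits; area code and exchange start 2-9."""
    digits = re.sub(r"\D", "", phone)
    return re.fullmatch(r"1[2-9]\d{2}[2-9]\d{6}", digits) is not None


def triage(sub, own_domain, registry_expiry, trusted_hosts, grace_days=7):
    """Return findings for one submission.

    registry_expiry is the expiry date looked up in WHOIS for own_domain;
    trusted_hosts are the hostnames of the registrar actually used.
    """
    findings = []
    # Headless Chrome announces itself with this token by default.
    if "HeadlessChrome" in sub["user_agent"]:
        findings.append("automated-client")
    # A "within N hours" deadline far ahead of the real expiry is false.
    m = DEADLINE_RE.search(sub["body"])
    if m and own_domain in sub["body"].lower():
        claimed = sub["received"] + timedelta(hours=int(m.group(1)))
        real = datetime.combine(registry_expiry, time.min)
        if real - claimed > timedelta(days=grace_days):
            findings.append("deadline-contradicts-registry")
    # Renewal payments belong on the registrar's own host.
    allowed = set(trusted_hosts) | {own_domain}
    off = sorted(h for h in link_hosts(sub["body"])
                 if not is_trusted(h, allowed))
    if off:
        findings.append("payment-link-off-registrar:" + ",".join(off))
    if sub["phone"].startswith("+1") and not nanp_plausible(sub["phone"]):
        findings.append("implausible-callback-number")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, "whitecanetravel.com", date(2021, 3, 6),
                          {"registrar.example"}):
        print(finding)
```
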


The Security box, podcast 28: 2020 year end reports, teledildonics, news, notes and more

Hello folks, welcome to the Security Box for this week. This week’s show is packed and we’ve got the entire show notes for you. The rss got the show the same day, and it got a bit of the show notes up to the news notes.

News Notes is where I try to be thorough in covering with links to various stories where possible. I could not get this in to the notes for RSS, however, it’ll be available on the blog as we have unlimited space for the blog.

You tell me that you don’t want to mess with RSS? Please don’t worry. I’ve got you covered with the download of the file (172.62mb) for you to download.

Now, without any further ado, let’s give you those show notes so that you can read anything that is of interest. Thanks so much for checking out the blog, podcast series, and my web sites!

Welcome to podcast 28 of the Security Box. On this podcast, a couple of year in review items, news, notes, something called teledildonics or “The Male Chastity Cage” from a recent Security Now podcast, news, notes, questions, comments and more.


News, notes and more

  • One of the biggest carding shops to date will be closing its doors come February 15th, 2021. Some of the reasons why it is closing are: poor performance on up-to-date value cards, the government shuttering some of their domains, and apparent covid-19 diagnosis of the owner of the shop. According to the article from Krebs on Security, the shop has been around for 6 full years. Most notably, some of the breaches that were high-profile that this shop sold valuable credit card data include: Saks Fifth Avenue, Lord and Taylor,  Bebe Stores,  Hilton Hotels,  Jason’s Deli,  Whole Foods,  Chipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ. According to Krebs, those who got in early will be able to cash out, while most will need to cash out before closure on February 15th. Both articles cover this well with links to various other stories, and the tech blog will be having this covered as well. Joker’s Stash Carding Market to Call it Quits Krebs on Security and Joker’s Stash, a forum for stolen data, says it will shut down within 30 days Cyberscoop should be read, and you can decide which article you like.
  • Did you get your windows update on? Microsoft Patch Tuesday, January 2021 Edition and January Patch Tuesday Repairs Critical MS Defender RCE Bug should be read. MS Defender always gets updates, so this should already be patched according to articles. This month, there are 83 updates. 7 of the 83 were reported by Trend Micro’s ZDI project.
  • The Vulnerability summary email I get might have things that pertain to you, one being mentioned by them for Dell. The Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). If you have this, call Dell to get an update link or information on how to obtain it. There are also patches for Android and Chrome listed in the high severity list. Here’s CISA’s writeup for people to see.
  • Have you read this week in Security news which ended January 15th, 2021? There’s quite a bit in there including some in which we’ve also covered. You can consider this as a digest of news each week, and usually I post these to the blog. Since I hadn’t been feeling well, some of this stuff is being posted to the blog for the first time. This Week in Security News – Jan. 15, 2021 is the article, did you find something of interest?
  • Mimecast had some certificates stolen, and there may be a link to the Solar Winds breach according to the article. Mimecast breach investigators probe possible SolarWinds connection is the article, and well worth the read. If you’ve been affected, Mimecast has already contacted you hopefully by now, but if not, do contact them for assistance.
  • Krebs on Security says that if Solar Winds got breached as bad as they did, this can happen to anyone. I’d hate to find out if Microsoft got that breached, and all of Windows was compromised. SolarWinds: What Hit Us Could Hit Others is the article from Brian, and it’s definitely worth the read. It’s all about the supply chain.
  • Ring adds encryption to their product for video feeds between your camera and your app. Some may say that this is a little too late, but sometimes you don’t think about such things. Ring has been in the news for varying reasons, hopefully this will help. Ring adds encryption tool as other security questions surface is the article talking about this if you are a customer. If not, you might want to read it anyhow, because if you’re considering being a customer, this will be of importance to you. Ring is an Amazon product.
  • You’ve probably heard about Signal and the pain they had when an influx of customers left Facebook and went there. The reason is because Facebook was going to collect metadata like phone numbers, how long messages were, and contacts just to name a few. This is common practice, even the phone companies do this when you place a call. Since Facebook has my cell phone number for my account already, I honestly don’t see this to be a problem. Signal endures ‘technical difficulties’ amid new popularity is the article, things hopefully will be returning to normal really soon.

Thanks so much for listening, please contact me throughout the program with questions, comments and concerns. We’d love to hear from you!


I’m behind on news, let’s start with some good news

Hi all,

Let’s start with some good news to start the day on blogging. After not feeling well for a few days, I’m now feeling much better, trying to prepare for the security box, as well as get some blogging done from the past while.

Yes, I have plenty still from last year I definitely want to cover, and I need to move forward with this year as it is still young.

There are two articles in regards to the apparent closing of the Joker Stash, a public web site that was once the king of credit card selling for underground shops. When putting in Jokers stash, you’ll definitely find a public domain that anyone can go to, but you need to log in to be able to do anything with.

I wanted to see what the web site was just so I can make sure I am giving accurate information, and I can say that at least for now, there is an active domain.
Krebs on Security does a great job in introducing people who have never heard of these guys to what they were up to. He writes:

The Russian and English language carding store first opened in October 2014, and quickly became a major source of “dumps” — information stolen from compromised payment cards that thieves can buy and use to create physical counterfeit copies of the cards.

Krebs continues to write that 2020 was probably the worst year for the card shop, and apparently, the closure is coming from the card shop owner himself. I am not even going to speculate whether the person responsible for the Joker’s Stash had or didn’t have Covid-19, the major virus that has swept the world since March of last year. According to the article from Mr. Krebs, this web site was always good on making sure there were fresh cards to sell, and if the case was that he had Covid-19, it definitely didn’t help anything as buyers were complaining about the lack of fresh data.

Late last year according to this article, notices on several domains run by the group displayed notices of seizures by the government. The shop moved to other infrastructure afterward and they were told things were OK.

What the Cyberscoop article didn’t cover and that Krebs on Security does, are some of the major breaches of companies that they got card data from.

Gemini estimates that Joker’s Stash generated more than a billion dollars in revenue over the past several years. Much of that revenue came from high-profile breaches, including tens of millions of payment card records stolen from major merchants including Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Hotels, Jason’s Deli, Whole Foods, Chipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ.

All of these are links within the linked article we’ll be linking to.

Those who got in early will be able to cash out, according to Krebs, most will not. Spend by February 15th it says or forfeit the earnings.

Joker’s Stash Carding Market to Call it Quits Krebs on Security

The second article, written around the same time starts out by stating:

An administrator of a notorious forum for stolen payment data and illicitly obtained personal information says they will shutter the site in 30 days. 

It goes in to detail on who they were, and what happened with law enforcement actions. I don’t know if both articles state this, but the Cyberscoop article indicated that there were over 3 million credit numbers under a claim.

Cyberscoop Article on Dickeys Bar-b-q

I don’t know if Krebs covered this, but another section of the web site indicated that there were social security numbers and other personally identifiable information. This would be information such as name, birth date, and location just to name a few that was able to be searched by someone using the site.

Joker’s Stash, a forum for stolen data, says it will shut down within 30 days Cyberscoop

This has got to be the biggest news in recent memory of one of the biggest carding shops potentially closing. I’d love to link to the web site I found, but it is bare-bones, a log in page with nothing to see. So long, Joker, hope you find something else to do. It’s been fun.


Did you get your windows update on? It should be good to go now

Did you get your patch tuesday on? Windows each month provides updates to your operating system so that it can be as secure as possible.

This month, the Redmond based company released 83 security updates with 7 of them disclosed through the Zero Day Initiative otherwise known as ZDI. The ZDI was recently covered in a recent security podcast we do called the Security Box.

There is information in both of these articles from Krebs and Trend that you should read. Microsoft Patch Tuesday, January 2021 Edition and January Patch Tuesday Repairs Critical MS Defender RCE Bug should be read for their content and you decide what you want to read.

Do you want to read more about the Zero Day Initiative? No problem! Here’s a link to the Zero Day initiative web site for those who want to learn more about what Trend and companies involved do.

Here are the headings within Trend Micro’s article that might be of interest:

  • Critical flaw in Windows Defender can lead to RCE
  • Microsoft splwow64 bug possibly next in line for active exploitation
  • RCE from vulnerable HEVC video extensions, Visual Studio

and don’t forget the heading talking about their own solutions. I’d definitely be concerned if you use defender, as the disabled community’s choice is only defender for AntiVirus. I’ve written about this in a 2017 piece talking about AntiVirus and the disabled. I’ve also talked about AntiVirus in this 2020 piece asking if this field is dead.

I honestly think that AntiVirus will never change, but finding a flaw in the only piece of software the blind and disabled can easily use is not acceptable. I’m sure it was an oversight, but something I’m at least concerned about.

Find something within these articles you’d like to discuss? Bring it on, let me know what concerns you. Thanks for listening, reading and participating!


The Security box, podcast 27: Breaches of the last year, security predictions, news, notes and more

Hello everyone, the RSS feed has had the podcast for at least a day now. Today has been a bit draining today, although I’ve felt great when I woke up, but then just didn’t have a whole lot of energy as the day progressed.

That being said, I did listen to my daily podcast, and there has been news that came out of that and of course Trend Micro came out with other news I have not read. Some of this will be covered in next podcast, but this podcast does have some interesting topics today.

The RSS does have a lot of the show notes, but I like to be as detailed as I can with the show notes so we’ll have them here for you.

You tell me that you don’t want to deal with the RSS because you don’t have a reader, or you just don’t want to learn? That is OK. Get the 169.67mb file by clicking on the link or pressing enter.

Here are the show notes for this program, and thanks for listening!

Hello folks, welcome to the security box, podcast 27. Trend Micro has a report they do each year talking about the trends of the next year, and it’s worth talking about. Did you know about any of the breaches of the past year? We’ll go through that thanks to Solutions Review, as well. We’ll have news, notes, commentary and more, and even a guest to boot if everything goes well. Thanks so much for listening, and make it a great day!


  • The Security Predictions from Trend Micro are always something fun to read. We’ll talk about some highlights that might be of interest, and of course, we’ll take questions and comments in regards to this. You can read the article entitled: Takeaways from Trend Micro’s 2021 Predictions to learn more. I also posted a blog post with my thoughts on this one, and it’s available for everyone to read.
  • Are you aware of the biggest breaches of the year? There is a post with videos and text, and we’ll talk about this. Ben Canner, a follower of mine on Twitter, tweeted out Solutions Review Presents: The Top Data Breaches of 2020 and boy, is it something that I think we should cover.
  • Cyber Wire Daily has what they call Research Saturday. This is a link to January 9th’s episode on Emotet and I will be summarizing this as part of this week’s program. There is a link to read show notes, and thanks to Overcast for providing a link to the episode, I think it’s worth sharing.

News Notes:

I think we’re going back to the original format that we started with; it’s much easier to maintain it that way. If you liked the other format, please let me know.

  • According to Cyberwire Daily, a podcast, President Trump was removed from Twitter for several days, as well as removed from Facebook until he leaves office. The Washington Post may have an article on this, as they cite the Post as being where the reports of him being kicked off came from. The January 7th program talked about the fact President Trump urged people to show their displeasure, although a tweet said to do it peacefully. It made no difference, as people demonstrated and caused problems on January 6th and caused the recount to be delayed. It was resumed later in the evening, and President-elect Joe Biden was confirmed. Facebook bans Trump indefinitely; risks ‘simply too great,’ Zuckerberg says and Facebook, Twitter act on Trump’s false messaging after violence at Capitol should be read in regards to the latest on this ordeal. These two articles were read after listening to the podcast.
  • This Week in Security News – Jan 8, 2021 has quite a lot of articles, some of which I had meant to cover but hadn’t had an opportunity to blog about.
  • Russian man sentenced to 12 years in prison for massive JPMorgan data heist is a bit of good news after a long bout of wondering if we are going to get some good news. While I published some good news recently, 2021 has gotten off to a great start with this one. This J.P. Morgan breach was the biggest to date at the time, but SolarWinds today tops that. This was well orchestrated, and you should read this.

Things to ponder:

  • Have you ever heard of Swatting? The tech podcast covered swatting and technology and things before, but swatting and Internet of things? Security Now episode 800 covers this in a 9 minute segment which I introduce making the segment over 12 minutes long. Do you really have your security settled?

Comments (0)

Use cloud environments? Better check this out

CISA sent an email about attackers taking advantage of poor cyber hygiene. It was released on January 13th, and while it was short, I think this is of value to share.

The first paragraph says:

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.

They recommend that people who need it take a look at Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services.
For the full article, Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments should be read, and I hope that you find it of value.

Comments (1)

Apple’s Game-Changing iPhone Privacy Move Sparks Serious New Problem

Game over! Developers need to find another way to make money if they offer free apps. It’s just a matter of time, but this article talks about iOS 14 having this feature. Kate does a great job covering this, so give it a read.

Apple’s game-changing new privacy move is great for users and bad for data collectors such as Facebook. And it could spark a serious new problem, according to reports.

Source: Apple’s Game-Changing iPhone Privacy Move Sparks Serious New Problem

Is it more of a problem for us or for developers? Sound off.

Comments (0)

Sans News Bites reports Minnesota’s Lake Region health care is the next victim on the ransomware is right

In all seriousness, on the next ransomware is right, the Minnesota health system is next up. I took the article from Health IT Security and it is entitled Minnesota’s Lake Region Healthcare Recovering From Ransomware Attack and it is a very interesting read. We did cover UHS in multiple articles from the blog and this particular article first linked mentions this and other health systems we may not have covered.

We need to really get a grip on our security, especially in the health care system. It isn’t enough to indicate that “we’re sorry” is going to cut it in this industry. The COVID-19 pandemic is in full swing, with sports going on and teams getting infected to the point where games are cancelled. One on Jan 11th and one on Jan 12th are cancelled because of the pandemic. Why should our health care have to suffer because of the fact that hospitals need to use other methods to verify care and the like because their operating systems and procedures are so out of date? It’s time hospitals read articles like this so they can proactively figure out how to not get infected. Read the articles here, and add this to the list of more ransomware hit facilities and companies.

Comments (0)

Disgruntled former VP hacks company, disrupts PPE supply, earns jail term | ZDNet

The sabotage of electronic records led to delays in shipping critical PPE during the COVID-19 pandemic.

Source: Disgruntled former VP hacks company, disrupts PPE supply, earns jail term | ZDNet

One year should not be the default on sentencing for someone like this. The company could’ve been shut down because they couldn’t deliver, glad they’re not. Problem is that while one year may be a start, big time damage as you’ll read in the article was caused. Should one year be enough?

What do you guys think of someone going in and putting in a secret account and then getting fired just to have them do this? Would one year be enough for you to know he can’t possibly do that to another employer again? My thought is no. It becomes unauthorized access, and that is more than one year from what I’ve read in the past.

Comments (0)

House Passes Bill to Codify and Revamp FedRAMP

The bill would provide $20 million in annual appropriations for the federal cloud security program.

Source: House Passes Bill to Codify and Revamp FedRAMP

Does this mean that the government can finally start figuring out how to do things securely because they’re talking, or is this another talking point? With the worst breach in 2020 still needing to be learned about, I’m not sure this is the answer. Thoughts after reading this one.

Comments (0)

Ubiquiti: now joins the breach department through a cloud provider

This is still a developing story, and several podcasts will more than likely have this as I found another security podcast that might be of interest. Hearing things in a different light is definitely something I’m interested in, so we’ll see what has to be said about this story.

Brian Krebs wrote the article yesterday, and this is huge.

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

If you want to know how big they are, the last paragraph says:

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

I believe Security Now has talked about this router and I wonder what Steve is going to say about this?

The company became aware that information stored by a third party provider was accessed, but they did not say which provider they were using. Brian has steps in the article that cover what you need to do if you’re affected.

Ubiquiti: Change Your Password, Enable 2FA is the article; if you’re affected, read it and follow its instructions or call the company for help.

Comments (0)

January Ouch is now available from Sans

I’m going through email and Ouch from Sans is here talking about Securing WIFI. Lots of us are on WIFI, so read the newsletter for this month and see if anything is needing to be done for you.

Comments (0)
