
The Technology blog and podcast

This is for the technology blog and podcast: commentary, articles, and podcasts


January 2021




Braille Institute says that January is technology month

I read at least one of the books in the following list; has anyone of you read any? The book I read and podcasted about when the book was around is called The Circle, and it was a great book. Let’s see what everyone else has read.


I was going through Email, and found an email talking about January being technology month.

Below, the following books are generalized to fiction and non-fiction and are already available on BARD. Check your cooperating library outside the United States to see if these books are available to you.


Non-Fiction

 
Steve Jobs by Walter Isaacson – DB73682 (Spanish version: DB 72993)
Biography of entrepreneur Steve Jobs (1955-2011) chronicles his childhood, education, entry-level jobs in California’s Silicon Valley, 1976 cofounding
of Apple computer in his parents’ garage, and leadership in spearheading the iPod, iPhone, and iPad. Discusses Jobs’ personal and professional relationships
and his 2003 cancer diagnosis.  

Digital Minimalism: Choosing a Focused Life in a Noisy World by Cal Newport – DB94076
Computer scientist presents an argument for reducing the amount of time we spend online. Uses case studies to form a foundation for why to do this and
suggests ways to undertake a “digital declutter.” 

Bad Blood by John Carreyou – DB 91456
Pulitzer Prize-winning journalist recounts his investigation into Silicon Valley startup company Theranos, which claimed its new machine would speed up
and simplify blood testing. Describes interviews with insiders, research into the technology, threats he received as he uncovered fraud after fraud, and
Theranos’s eventual collapse. 

Invisible Women: Data Bias in a World Designed for Men by Caroline Criado-Perez – DB94381
Examination of a root cause of gender inequality–the exclusion of women or preferential bias toward men in research data sets. Discusses the ways these
biases play out in daily life, the workplace, product design, the doctor’s office, and public life, and what happens when things go wrong. 

The Patient Will See You Now: The Future of Medicine is in Your Hands by Eric Topol DBC02757 
A trip to the doctor is almost a guarantee of misery. Eric Topol, one of the nation’s top physicians says it doesn’t have to be that way. You could use
your smartphone to get rapid test results from one drop of blood, monitor your vital signs both day and night, and use an artificially intelligent algorithm
to receive a diagnosis without having to see a doctor.

Megatech: Technology in 2050 by Daniel Franklin DB88590 
A collection of essays forecasting the role of technology in the year 2050. Contributors include journalists, scientists, entrepreneurs, philanthropists,
medical doctors, philosophers, and novelists. In her essay, Melinda Gates envisions what might happen if every woman in the world had a smartphone of her
own. 

The Smartphone Society: Technology, Power, and Resistance in the New Gilded Age by Nicole Marie Aschoff DB98753
Journalist examines the rise of smartphone usage and ways corporations including Google, Facebook, and Amazon have used smartphones to surveil social,
political, and economic activity of users. Discusses the ways users have taken advantage of the technology to create and maintain political resistance
movements. 

Beauty and the Beak: How Science, Technology, and a 3D-Printed Beak Rescued a Bald Eagle by Deborah Lee Rose & Jane Veltkamp DB89590
After a hunter shattered her beak, Beauty, a bald eagle, was rescued in Alaska and relocated to Birds of Prey Northwest, a raptor center in Idaho. Recounts
how scientists and engineers created a prosthetic beak from a 3D printer while her real beak regenerated slowly.

Blood, Sweat, and Pixels: The Triumphant, Turbulent Stories Behind How Video Games Are Made by Jason Schreier DB90959
A journalist who covers the video game industry documents the process of making a game, from initial concept with the game creator through the large team
efforts that it takes to develop a popular game. Includes creation stories of popular games like Diablo III, Halo Wars, and more. 

Cryptography: The Key to Digital Security, How it Works, and Why it Matters by Keith M. Martin  DB101019
Information security specialist presents an explanation of the role of cryptography–often associated with the world of spies–in the world of information
security. Topics covered include what security means in cyberspace, algorithms and what they do, cryptocurrencies like Bitcoin, and potential scenarios
for the use of cryptography. 
 

Fiction

 
Ready Player One by Ernest Cline DB73772
2045. Multibillionaire James Halliday dies, leaving his last will and testament online for the world to see. His massively multiplayer online game OASIS
has a hidden feature–an Easter egg–and the person who finds the egg first wins Halliday’s fortune. 

The Circle: A Novel by Dave Eggers DB77770
Mae begins work at the Circle–a company that reinvented the Internet by creating one transparent identity for each user. Although enthralled by her increasingly
powerful online role, Mae is troubled to learn that the company may have a dark side. 

Jurassic Park: A Novel by Michael Crichton DB32018
Something is terribly wrong at Jurassic Park on a remote island off the coast of Costa Rica. Visitors and residents are being attacked by strange looking
animals that maul them and leave behind a sticky saliva. Dinosaurs cloned and raised by a genetic engineering firm have escaped. Consultants are brought
in to solve the problem, but soon everyone is running for dear life. 

I, Robot by Isaac Asimov DB15779
U. S. Robots and Mechanical Men, Inc., headed by the strong-minded Susan Calvin, manufactures and sells intelligent, human-like robots. Nine stories illustrate
how the robots are programmed with the three Laws of Robotics to serve man, despite many of the ingrained fears and prejudices humans have against them.

Feed by M.T. Anderson DB55687
In the future, most people have computer implants in their heads streaming information. Titus has had his since birth, while home-schooled Violet received
hers later. When the “feed” is attacked by a hacker, Titus’s system shortly recovers but Violet’s continues to malfunction. 


The Big news of the day, Amazon booting a new social media platform off of AWS

Hello Folks,

I placed a call to someone today to catch up with them, and they happened to tell me about an app that was removed off of the Internet by Amazon. Sure enough, I found an article by Cyberscoop about it, and that article is entitled Amazon boots Parler from web hosting service over violent content which was quite interesting.

We know that social media has tried to play censor and delete things that could be questionable. The problem with this is that in the United States, we have the First Amendment, which protects what is called free speech.

We also know that Donald Trump has been kicked off of both Facebook and Twitter, although from what I heard, he urged people to be civil, and from what I was told today, he was outraged about the violence that took place last Wednesday.

The article in question starts:

Parler, a social media platform favored by pro-Trump groups, was completely offline Monday morning after Amazon knocked the company from its web hosting
services overnight.

Federal law enforcement has continued to make arrests after the January 6th attack on the Capitol, according to the article. It continues:

Posts on the social media platform were part of the long trail of digital
evidence available to investigators. The mob included white supremacists and proponents of the QAnon conspiracy movement.

Here is an article from the NY Times that talks about the arrests if anyone wants to take a look at that, as it is outside of the technology blog and security aspect of the blog.

The publication Buzzfeed first reported the news, which came straight from AWS itself; feel free to read the news if you’re interested. The ban went into effect just before 3 am Eastern time, according to the article.

They link to the Washington Post for this aspect of the story.

I completely understand the problem we have here. You’re trying to get rid of hate speech which could encourage violence, and that is probably a good thing. People may say something that may not necessarily be hateful, but people at these companies could suspend you just for posting something they consider hateful or violent. That, I don’t think is fair.

Also, according to the article, we learn that Donald Trump has been permanently banned by Twitter, following Facebook and their move to do so last week.

Last night, I ended up reading a couple of articles that had to do with Q-Anon, and I wasn’t really going to talk about one until I saw the other. Since this is in regards to a social network being shut down, I’ll say that these guys can probably go elsewhere to do their talking, and there isn’t anything we can really do about it.

One article by Krebs is entitled Hamas May Be Threat to 8chan, QAnon Online and I found it interesting. The first paragraph says:

In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard,
a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by
a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas.

All I’m going to say about the app, and the dealings with these other companies in this article is this: if there are terms of service violations which are apparent, then kick them off the Internet. If not, there is no need to do anything, because we should have the right to have free speech and say so about whatever is on our mind. Unless the government says otherwise, the U.S. has a constitution and so do other places saying we can write, think, do, and speak whatever we want unless we’re threatening people or causing harm.

Just because one says they’re going to “do something” doesn’t mean they will. Sure, there are groups organizing to “do a lot of various things,” but is it your job to try and kick them off because they were doing something civilly?

Brian links to last year’s article and says that it

examined how a phone call to Oregon-based CNServers was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online
image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global
child sex-trafficking ring and plotting against President Donald Trump.

We know that sex trafficking is a global problem, and I could see someone making a phone call to get that taken offline so nobody gets hurt. I support that. But why take a social media platform offline just because people are organizing? Am I missing something?

The second article in this series, All Aboard the Pequod!, goes into more detail on these groups. If you kick them off one place, they’ll go to another place, so it isn’t a big deal since they’re going to continue to organize and cause problems. Maybe the publicity is what they want.

That’s all I have to write right now, but this is a good way to tie all of these articles into one blog post for today. This is only going to get more interesting as time goes on.


The Technology podcast, podcast 358: Stripe demo, terms of service violations, and a very interesting dark net diaries podcast

Welcome to podcast 358. The RSS has the program up for you. Here are the show notes for this program.


On this edition of the technology podcast, a Stripe demo for you on their app. Also, people getting away with blatantly violating terms of service. Finally, Darknet Diaries had an episode on the darknet and someone who got caught in the crosshairs of the law because they bought and sold drugs on the underground. I hope you all enjoy the program. This program lasts 84 minutes. Enjoy!


The Darknet Diaries podcast can be found by going to dark net diaries on the web.

Don’t have or want to deal with RSS? No problem! Here is the 76.99mb file for you to download.

Thanks so much for listening, and we’ll see you again on the next edition of the program!


Reserve Bank likely hacked? Should we be backing up to the cloud?

Shaun Everiss sent me the following email this morning.

Hi.

This appeared yesterday just before dinner.

https://www.rnz.co.nz/news/national/434299/reserve-bank-likely-hacked-by-another-government-expert

Everyone is trying to get on this, now it’s government warfare all over again.

And people say we should back up to the cloud.

I am in the process of replacing one of my backup drives.

The article indicates that this particular breach was caused by a nation-state actor who may have breached their third party:

In a statement, the bank said a third party file sharing service it used to share and store some sensitive information had been hacked.
Professor of Computer Science at Auckland University, Dave Parry, said the attack was significant.

The article continues:

It was likely to be another government trying to attack the Reserve Bank, he said.
“Because ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so
you’d be more interested probably coming in from a government to government level.”

It also reminds us that this isn’t the first attack in New Zealand, as this blog post talked about New Zealand coming back online after the stock exchange was hacked, or apparently hacked anyway.

I’m sure this is a developing story, and if more comes across my desk, we’ll be sure to cover it.


We’ve got more news … DDoSecrets isn’t done leaking data … using Tor now

In the back dated department, I remember talking about DDoSecrets in this 2020 blog post: Blue Leaks, this is as bad as it gets, which talked about something called Blue Leaks. Apparently, this was 10 years of archives named Blue Leaks, and we’ve not heard anything about it nor DDoSecrets till now. To set the record straight as I was writing this, Blue Leaks was the name of 269GB of data that you’ll read about as I take this Phishlabs article apart; no wonder my memory is fuzzy on the name.

Now, Phishlabs has an article on this agency, Activists Leak Data Stolen in Ransomware Attacks and it has lots of various links to various things to boot.

This company seems to have terabytes of stolen emails, documents, and photos
from various companies covering the range of sectors like finance, pharmaceuticals, software, and manufacturing. So, I guess Germany didn’t do enough to shut them completely down as now they’re back to work causing havoc like every other ransomware group out there. That’s nice!

This is probably the most important paragraph about this group which brings back memories from the earlier post I linked to within this article. While I mentioned it above after I initially wrote this, it is still worth sharing for those who are not interested in linking back to my prior coverage of the Blue Leaks fiasco. The paragraph says:

Stating their goal is to “serve and inform the public,” DDoSecrets claims that the information they are promoting and publishing is already exposed and
that data leaked by ransomware groups often contains information that deserves to be scrutinized. 

Are you sure they have already been exposed and you just aren’t another hacker going after data to make yourselves look good?

Now we’ve also got to worry about double extortion, where companies have to pay the ransom and then pay to make sure it doesn’t get out. We’ve learned through other articles that this tactic doesn’t quite work, because these gangs can go back on their word and do it anyway. That is what I think this DDoSecrets company is, and I’m sticking to it.

The collection and publication of stolen data by DDoSecrets clearly illustrates why organizations affected by ransomware attacks have more to worry about
than negotiating a ransom payment. Extracted data is frequently exposed whether or not ransoms are paid. Data stolen in ransomware compromises may be on
the road to a fast and much more public exposure via a third-party. 
 
DDoSecrets has been in the spotlight for publishing hacked documents in the past, including a 269-gigabyte collection of law enforcement files known as
BlueLeaks. After a series of repercussions including a server seizure, they are now hosting a majority of their content on Tor protected sites. 

Now I understand where Blue Leaks came from: this company either stole stuff or bought it, published it, then got it named Blue Leaks by the community based on the data that was stolen. Now, that makes sense, and I remember now this article said that, but I’ve been reading so much as of late.

Since now they host their stuff on TOR web sites, is there any luck on getting it shut down for good? People like this make me wonder why we have the internet anymore; even though we’re all connected during this difficult time. I appreciate my Internet, and I really don’t want my Internet to have problems because of some company like this out loose buying stolen data, putting it out and hurting companies. That isn’t for the greater good, is it? The comment boards await you.


Chinese web firms ‘bullying’ customers with data, algorithms – consumer watchdog

This is the same China that goes around and censors its own citizens’ Internet; go look it up. Now, they want fair buying practices when they tell consumers what they can see, where they can go, and what social media to use? I honestly buy this. The beginning of the article and a link are below to form your own opinion. China, I’m not buying.

Chinese internet companies have been violating customers’ rights by misusing personal data and

Source: Chinese web firms ‘bullying’ customers with data, algorithms – consumer watchdog


Here is some SolarWinds news, news ending January 9, 2021

The biggest news this week in regards to SolarWinds is the fact that a court has been hit in the ongoing fiasco that is now being talked about as the biggest breach of 2020, according to Solutions Review Presents: The Top Data Breaches of 2020, which one of my followers tweeted. What I’d like to do is try to get the videos from this and share them on a future podcast, as some may be familiar and some may not. I may just read from the web site and do it that way. What isn’t surprising in this list is that SolarWinds is the breach of the month for December, and from what I’m hearing, companies may be affected but not coming out as of yet.

As I said, courts are the next victim, and this article, entitled Federal courts are latest apparent victim of SolarWinds hack, is a Cyberscoop article. Tim Starks writes for Cyberscoop on this one.

According to the article, Federal courts are a goldmine for criminals, since there are so many cases that go through there. All kinds of cases and all kinds of crimes may be heard by the federal court, so protecting this data is of utmost importance I’d hope.

The article says:

Going forward, federal courts will only accept filings of highly sensitive documents in paper form or via secure electronic devices, and won’t upload those
documents to its electronic case management system.

“This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not
available to the public,” the office said.

They also write:

“CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform and has identified legitimate account abuse as one of
these vectors,” the agency said.

This continues to be an ongoing ordeal, and I’ve published a blog post about something that may be of interest for those who come here specifically for SolarWinds coverage.

Finally, the article concludes with this paragraph that says:

Via a new technique that CISA has seen hackers use in an incident it responded to, the agency said, “it is possible that authentication can occur outside of an organization’s known infrastructure and may not be visible to the legitimate system owner.”

This may be a major problem moving forward, and I don’t know what the solution of this is going to be if 2021 is the year for huge breaches like this one that can go undetected for over a year.


Next, Sen. Warner accuses White House of weakening statement attributing SolarWinds hack to Russia comes to mind as well. Mr. Warner has spoken out in regards to other breaches, so he’s a good vocal point that we need to have.

The first paragraph may just sum this article up beautifully. It states:

An influential Senate Democrat who will soon chair the intelligence committee on Thursday accused the White House of “water[ing] down” the U.S. government’s
public statement linking a hacking campaign to Russia, and suggested more high-profile corporations had been breached.

Another paragraph later down says:

A person familiar with internal U.S. government deliberations on the matter echoed Warner’s accusation, saying that the White House had weakened the language
attributing the campaign to Russia and that the word “likely” was a surprise inclusion in the final statement.

Spokespeople for the White House and its National Security Council did not respond to requests for comment. Russia has denied involvement in the hack.

Those that may have done it of course don’t want to admit to having any involvement but attribution seems to now be stronger on Russia, even if they don’t want to admit it.

There is a lot of linked stuff here, so I can’t take every paragraph and pull it apart, so just check out the article, and let us discuss it.


Finally, Mr. Trump, if he’s very unhappy now that he’s apparently lost his Twitter account for the foreseeable future, might as well find something to do, as one of his own people he hired then fired had no trouble finding another job. Mr. Christopher Krebs, no relation to Brian Krebs, found a job at SolarWinds, as he was hired to help them figure out what broke and help them get back on their feet. The article SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack is the article I’m talking about, by Cyberscoop. Sean Lyngaas wrote this article for the publication.

Alex Stamos, former Facebook Security Chief, also got hired for the task as well.

According to the very first paragraph:

Software provider SolarWinds, which was breached in a suspected Russian hacking campaign against U.S. companies and federal agencies, has hired former
senior U.S. cybersecurity official Chris Krebs and former Facebook security chief Alex Stamos to help respond to the hack and improve its security practices.

Continuing:

Krebs and Stamos will work as consultants for Texas-based SolarWinds as it continues to deal with the fallout of a hacking operation that has roiled Washington
and is considered one of the more significant cyber-espionage campaigns against U.S. agencies in years.

When we first learned about the breach, publications like Cyberscoop and others stopped short of saying it was espionage, but it has later been confirmed to be such.

Lastly for this section, the article says:

“Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies,” SolarWinds said in a statement. “We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class
guidance on our journey to evolve into an industry leading secure software development company.”

SolarWinds, your mistake was the fact that you took your development offshore, according to what I read, and you put security on the back burner. In my opinion, maybe you deserve what happened, and hopefully you’ll learn what not to do next time.

The article goes on to say that fewer than 10 federal agencies were hit, including Commerce, DHS, the Department of Energy, the White House, and possibly others we still don’t know about. The article only lists three as examples, but I don’t believe we’ve heard it all yet.

Alex was part of Yahoo! at the time we didn’t learn of the many Yahoo! accounts that were breached. I’ve stopped using my Yahoo SBC account and have no plans on using it.

There’s more about each member, lots of links, and lots to read. Have something to say? Register and leave those comments. It’s free to do, and we welcome your comments right here, on the tech blog.


BARD message of interest, January 9, 2021

Bard maintenance notice

The following comes from Bard’s web site, and may be of interest to patrons of BARD.

I went up to look up something, and saw this.


Alert Message

NLS is planning routine maintenance that will begin 11:00 PM, Eastern Standard Time (EST), Tuesday, January 12, lasting 17 hours or less, with the expectation that BARD will resume normal operation by 4:00 p.m. EST on Wednesday, January 13. The NLS main public and Network Library Services websites, Voyager catalog, Text-Only catalog searches, and ThatAllMayRead website will remain available. This maintenance work includes our long-expected move of BARD to a cloud environment. Once operation resumes, patrons will experience no functional change to BARD, but those users accessing the system via high-speed Internet connections may notice faster download speeds. Don Olson


I hope this message may be of benefit to those using BARD, and thanks for reading!


CISA releases Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

I’ll have more on SolarWinds and some articles I’ve read that might be of interest, but for tonight, I read a lot of this CISA report, Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments, for people who need it. I don’t know if people need this, so I thought I’d share it. There is information on techniques and procedures the actors have used, along with links to other information they released.

If you’re not subscribed to this email list, then I’m supplying it to you so you can have it. I hope this finds interest with those who need it.


What is going on in the security landscape, news ending January 8, 2021

Hello folks, welcome to a wrapup of what is going on in the landscape of security. In no way is this going to be a complete rundown; however, it covers some of what I’ve read or come across, or even news that I didn’t see that comes across my desk through a digest from Trend Micro.

Let us get started with “This week in Security News” from Trend Micro. I really like covering these posts because they cover a lot, some I may have read, some I still need to read, yet others may just be interesting but yet not worth talking about in the long term.

There are two articles I’ve been meaning to cover that are in my rundown from this news digest, so I might as well cover them here. The first is Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration, and I had to read it from the web version. This is very dangerous because it relies on people using webmail to access their mail. I ditched webmail many, many, many years ago because I personally find it to be something that doesn’t interest me. Even when I signed up for Gmail and I finally decided on it for YouTube and even now as an off-site email address, I was not using the website to check my mail.

The good news is that I think that most of us who read this aren’t using the site that is referenced at all. The web site is mail2000tw[.]com or any kind of subdomain. I can’t tell what language it is; I did visit the site via private browsing to see what language it is.

Trend Micro writes:

We discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities
in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that
is widely-used in Taiwan.  With no clear connection to any previous attack group, we gave this new threat actor the name “Earth Wendigo.”
Additional investigation shows that the threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians
and activists, who support movements in Tibet, the Uyghur region, or Hong Kong. However, this is a separate series of attacks from their operation in Taiwan,
which this report covers. 

Other headings within this article include but are not limited to:

  • Initial Access and Propagation
  • Exfiltration of the mailbox
  • Infection of email accounts
  • Service Worker script exploitation
  • and Email exfiltration

The article here is very detailed and I think people need to read this, as it could come to a web mail service near us. Luckily, it hasn’t happened as of yet, but it is definitely something that could eventually happen.


The other thing in this week’s digest of the news is also something that I wanted to cover: An Overview of the DoppelPaymer Ransomware is the article, and it is also a good one.

The article starts out:

DoppelPaymer uses a fairly sophisticated routine, starting off with network infiltration via malicious spam emails containing spear-phishing links or attachments
designed to lure unsuspecting users into executing malicious code that is usually disguised as a genuine document. This code is responsible for downloading
other malware with more advanced capabilities (such as Emotet) into the victim’s system.

I believe I’ve talked about Emotet on the technology podcast, and it definitely isn’t going anywhere with this new project. This also uses the Dridex malware family (website), which will either download DoppelPaymer directly or something else.

This is definitely something that is stealthy, troublesome, and something that we should all know about.

The article goes on and says:

Once Dridex enters the system, the malicious actors do not immediately deploy the ransomware. Instead, it tries to move laterally within the affected system’s
network to find a high-value target to steal critical information from. Once this target is found, Dridex will proceed in executing its final payload,
DoppelPaymer. DoppelPaymer encrypts files found in the network as well as fixed and removable drives in the affected system.

Finally, DoppelPaymer will change user passwords before forcing a system restart into safe mode to prevent user entry from the system. It then changes
the notice text that appears before Windows proceeds to the login screen.

The new notice text is now DoppelPaymer’s ransom note, which warns users not to reset or shut down the system, as well as not to delete, rename, or move
the encrypted files. The note also contains a threat that their sensitive data will be shared to the public if they do not pay the ransom that is demanded
from them.

According to the FBI notification, DoppelPaymer’s primary targets are organizations in the healthcare, emergency services, and education. The ransomware
has already been involved in a number of attacks in 2020, including disruptions to a community college as well as police and emergency services in a city
in the US during the middle of the year.

DoppelPaymer was particularly active in September 2020, with the ransomware targeting a German hospital that resulted in the disruption of communication
and general operations. It also fixed its sights on a county E911 center as well as another community college in the same month.

The following is what is recommended by Trend Micro in regards to this one:

  • Refraining from opening unverified emails and clicking on any embedded links or attachments in these messages.
  • Regularly backing up important files using the 3-2-1 rule: Create three backup copies in two different file formats, with one of the backups in a separate physical location.
  • Updating both software and applications with the latest patches as soon as possible to protect them from vulnerabilities.
  • Ensuring that backups are secure and disconnected from the network at the conclusion of each backup session.
  • Auditing user accounts at regular intervals — in particular those accounts that are publicly accessible, such as Remote Monitoring and Management accounts.
  • Monitoring inbound and outbound network traffic, with alerts for data exfiltration in place.
  • Implementing two-factor authentication (2FA) for user login credentials, as this can help strengthen security for user accounts.
  • Implementing the principle of least privilege for file, directory, and network share permissions.

As with all things troublesome, making sure we have our backups is the most important thing. I personally pay for Dropbox for that purpose, and I am sure glad I have!
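The quoted article describes DoppelPaymer changing user passwords, forcing a restart into safe mode and replacing the notice shown before the Windows login screen; the following read-only PowerShell audit is an added example (not from the blog post or the Trend Micro article) that checks a single Windows host for traces of those three steps. It assumes the standard registry location of the interactive-logon message, and the expected caption, the 24-hour window and the event threshold are constructed defaults you would tune to your own fleet.

```powershell
# Added example, not from the blog post or the Trend Micro article: a read-only
# host audit for the three traces the article attributes to DoppelPaymer, namely
# a replaced pre-login notice, a forced safe-mode boot and a burst of password
# resets. Run in an elevated PowerShell session (bcdedit and the Security log
# need it). All thresholds and the expected caption are constructed defaults.

function Get-LogonNoticeFinding {
    # Windows stores the pre-login message under the Policies\System key as
    # LegalNoticeCaption / LegalNoticeText. Pass -ExpectedCaption to compare
    # against the caption your fleet normally shows (constructed baseline).
    param([string]$ExpectedCaption)

    $key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props   = Get-ItemProperty -Path $key
    $caption = [string]$props.LegalNoticeCaption
    $text    = [string]$props.LegalNoticeText

    # Phrases taken from the ransom-note behaviour the article describes.
    $ransomWords = 'encrypt|ransom|bitcoin|do not (shut|reset|rename|move|delete)'
    $captionDrift = $PSBoundParameters.ContainsKey('ExpectedCaption') -and ($caption -ne $ExpectedCaption)
    $suspicious   = $captionDrift -or ($text -match $ransomWords) -or ($caption -match $ransomWords)

    $status = if ($suspicious) { 'SUSPICIOUS' } else { 'OK' }
    [pscustomobject]@{
        Check  = 'Pre-login notice'
        Status = $status
        Detail = "Caption='$caption'; Text='$text'"
    }
}

function Get-SafeBootFinding {
    # A forced restart into safe mode is configured as a 'safeboot' element on
    # the default boot entry; bcdedit prints it as a line starting with 'safeboot'.
    $lines = @(& bcdedit.exe /enum '{default}' 2>$null)
    if (-not $lines) {
        # No output usually means the session is not elevated.
        return [pscustomobject]@{ Check = 'BCD safeboot element'; Status = 'UNKNOWN'; Detail = 'bcdedit produced no output (run elevated)' }
    }
    $safeLines = @($lines | Where-Object { $_ -match '^\s*safeboot\s' })
    $status = if ($safeLines.Count -gt 0) { 'SUSPICIOUS' } else { 'OK' }
    $detail = if ($safeLines.Count -gt 0) { ($safeLines -join '; ').Trim() } else { 'No safeboot element on {default}' }
    [pscustomobject]@{ Check = 'BCD safeboot element'; Status = $status; Detail = $detail }
}

function Get-PasswordResetFinding {
    # Security event 4724 = an attempt was made to reset an account's password,
    # 4723 = an attempt was made to change an account's password. Several of
    # these shortly before a reboot match the "changes user passwords" step.
    # Threshold and window are constructed defaults; domain controllers will
    # see far more legitimate 4724s and need a higher threshold.
    param([int]$Hours = 24, [int]$Threshold = 3)

    $filter = @{ LogName = 'Security'; Id = 4723, 4724; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # TargetUserName in the event XML is the account whose password was touched.
    $targets = @($events | ForEach-Object {
        $xml = [xml]$_.ToXml()
        ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
    } | Sort-Object -Unique)

    $status = if ($events.Count -ge $Threshold) { 'SUSPICIOUS' } else { 'OK' }
    [pscustomobject]@{
        Check  = "Password changes/resets (last $Hours h)"
        Status = $status
        Detail = "$($events.Count) events; accounts: $($targets -join ', ')"
    }
}

# Collect the three findings and exit non-zero if anything looks wrong, so the
# script can be scheduled and its exit code picked up by monitoring.
$report = @(
    Get-LogonNoticeFinding
    Get-SafeBootFinding
    Get-PasswordResetFinding
)
$report | Format-Table -AutoSize
if ($report.Status -contains 'SUSPICIOUS') { exit 1 }
```

A clean host prints three OK rows; any SUSPICIOUS row is a prompt to isolate the machine and preserve the Security log before anyone reboots it, since the quoted note warns that the ransomware expects a restart.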


The Hacker News has an article entitled: FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack which I have not read. Cyberscoop has articles dealing with Solar Winds and some fallout. They are:

The last two go hand in hand, but all in the above list are interesting, saying that Russia has been to blame in varying paragraphs. That is why I link all of them in this section, because it is the latest we have, and I can only imagine Trump going ape over his accounts being suspended. With what has gone on, it's about time that the companies do something to curb his behavior, even if it indirectly was responsible for the attacks that have been in the news as of late. Read all of these articles linked above in the above list because they are all good and vary in content. Several of these articles may be linked in podcast content in passing for news notes, but it's all informative. articles will


Another article that is worth talking about is protecting your kids while learning at home. This article, How to Protect Your Kid’s Privacy While At-Home Learning, goes into detail on this.

The beginning of this article says:

How to Protect Your Kid’s Privacy While At-Home Learning
Many kids now have school-supplied computer equipment away from the school network. However, with this come privacy and security concerns. Some are easy
to avoid, but others need some modifications to ensure safety.
By: Stephen Hilt, Erin Johnson. December 22, 2020. Read time: 5 min (1381 words)
With the pandemic forcing many people to work and attend school from home, there has been a major shift in the use of technology for many businesses and
learning institutions. And this has brought a lot of interesting findings, at least from my own.
My kids have been attending school virtually this year, and I’m glad that schools can offer options and provide a high level of education virtually during
the Covid-19 pandemic. One of these options is the use of Chromebooks. While many US school districts have been providing Chromebooks to children at school
for some time, the scale of this need changed significantly in 2020. Fortunately, some school districts have found the ability to get more computers for
students who need them at home.

While I applaud the schools for providing computers to the people who need them, the article talks about how schools are locking down even the network at home because it is signed in to the same Google account, even though the provided computer is not even being used. This goes beyond the reach of my understanding; please read Trend Micro’s article on this.

One of the things I heard in a new podcast I just subscribed to called The CyberWire Daily mentioned software called JetBrains, another piece of software that may have been compromised. I have not read Investigation Launched into Role of JetBrains Product in SolarWinds Hack: Reports but it is interesting that yet another company may be involved in one of the biggest breaches we’ve ever known.

Here is what the clip of this article states. Again, I’ve not read this, so I have no more info except what I heard on the podcast.

Cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by
JetBrains to achieve their goal. JetBrains is a software development company based in the Czech Republic that has offices in Europe, Russia and the United
States. The company claims its solutions are used by over 9 million developers across 300,000 companies around the world.


We can’t forget phishing. Email threats are going to rise, and with that, legitimate domains may be used. Also, RYUK is still being used more than ever, something called Hastebin is being used to deliver fileless malware, and much more. To read the entire article on what is going on this week from Trend Micro, please go on over to Trend Micro’s blog: This Week in Security News – Jan 8, 2021 to read all of the details.


Finally, we’ve got some great news I always like to cover. Russian man sentenced to 12 years in prison for massive JPMorgan data heist, and that is good news because J.P. Morgan’s breach was one of the biggest to date for its time.

Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether
from the hacking, the Justice Department said in a statement.

We should back up and start at the beginning though: The article states in part: A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors
say involved the theft of personal data from over 100 million customers of big U.S. financial firms.

The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working
with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers
then sought to inflate stock prices by marketing them to people whose data they had stolen.

There is definitely more, and more that I need to get out in regards to Solar Winds but I’ll do that in a separate article as Solar Winds is just as interesting alone as it would be in a roundup like this.

This completes the news notes. Did you find something of interest? Why not get in touch? Comment on the blog! Write an email! Use WhatsApp, email/iMessage or any other contact info you want! We’ll be waiting.

Comments (0)

Have you read Trend Micro’s year in review yet? It’s quite interesting as usual.

The Year in Review for 2021 was released on Trend Micro on the 8th of December, 2020. It is definitely a fascinating read every time I read it, and Trend Micro isn’t far off. There is always room for error.

I’m always fascinated in regards to Trend Micro and their predictions report that they come out with each year. This time, Takeaways from Trend Micro’s 2021 Security Predictions is the article and there’s a lot here.

In the next Security Box, I’ll Text-to-speech this article as it’ll go faster, and we’ll discuss it.

I think one of the biggest and continuing threats in this landscape will be the continuing ordeal of the pandemic as well as the actors keeping up with what people want to know.

Home offices as hubs? You bet. With more people working from home and that not changing for the foreseeable future, criminals will be wanting to utilize any connection they can to get their wares out into the world.

For example, I used a website to see an IP address to try to see if it was reported as spam. It was a malicious spam message, but the IP was a fixed landline internet connection. That makes it a bad IP. Because it sent me spam, I had no choice but to report it, although I felt bad. The site, which I may talk about on a podcast of some sort, is a site that collects data on various trends of spam, hacking and other aspects of attacks. I don’t exactly know what they do with it, but if I see something from the same range, I can block that range of IPs from coming to my web site and spamming me. This is especially true if it is an IP designed to push traffic to its next destination, such as your hosting provider; it isn’t supposed to visit the web and send spam.

Covid-19 isn’t going anywhere; in fact, California is so out of control that we’re out of beds in the ICU. Actors are going to take advantage of this, and phishing and ransomware have been sent based on this devastating tragedy which has rocked the world. It is unfortunate; however, I don’t think we’re done with that aspect of attacks as of yet.

The next major heading they talk about here is Digital transformation efforts as a double-edged sword (if not done right). This section is really meant for business and not necessarily for consumers, so when you read the article, know that I’m thinking of you as a business. Consumers must read this to understand what is happening in the business world, and it was definitely an interesting read.

Read the full article, which links to Turning the Tide: Trend Micro Security Predictions for 2021; in that report you should read the first heading: “What At-Home Workers Need to Know.” Thanks so much for reading.

Comments (0)

The Security Box, podcast 26: Solar Winds, apps for spyware and more

Welcome to the Security Box, podcast 26. We have a 229.68 MB download and our RSS to boot.

You can search my name, Jared Rimer, to get my podcasts on Apple Podcasts, Overcast and others if you wish. I checked it out in Overcast, and both this one and my internet radio program are available.

Since this is a blog post in regards to the Security Box, we’ve got lots of notations that were not included in its RSS, so I guess it’s time that I put the whole show notes out there for you to read since I pointed people to the blog there.

Here are those notes.


Hello folks, welcome to the security box, podcast 26.

Topic continuing:

The topic of Shaken and Stir will get its wrapup from podcasts 21 and 23.

This should be the last of this as we don’t have far to go with it.

Things to ponder

  • I can’t believe that we are talking about spy applications that could spy on people while they use their phone. There are applications for Mac, iOS, Android, Windows Mobile, Windows PC, Symbian, HTC and others.

    Some of the most famous examples of these monitoring applications are iSpy for iOS and Freezy for Android phones. Other examples include SpyFu for Mac, Rxected for iPhone, logger for Blackberry, Cloner for Windows Mobile, GoArtical for PSP, CoolMobile for Windows Mobile, MyTrace for iPhone, MyTrace for Android, MyTrace for PC, Sonar for Symbian, ATOM GPS for HTC, ATOM GPS for Windows Mobile and PC.

    Are you a parent, and what do you think? The article is well written and I’m not bashing the article, nor the web site, but the practice of using such an app when children can find these apps if they think they’re being tracked. What about the web site practices? From koolwebsites.com, we have: Watch Your Kids with Mobile Spy Apps is the article, and I hope this sparks some discussion. The blog post from the tech blog, with comments, is also available to you.

  • News Notes

    Arrests

  • We start off with some good news in the arrests department, where 21 people from the UK and other places were picked up for using stolen data from a now-defunct site called WeLeakInfo. Besides learning about these 21, we learn about others too. Quoting, the article says:

    “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. … “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices,” the NCA said. “Many more of these visits are due to take place over the coming
    months.” “As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and
    crypters,” the agency said. “Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.”

    Let that last one sink in a little bit. Article: UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

More News Notes

  • Boy, Ticketmaster sure does seem to be the bad guy. They ended up paying $10 million because they illegally used passwords they obtained from former employees of another company to see what they were up to. Is this the right punishment for such a big company that sells tickets to many different types of events? Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company is the article, and boy is this big.
  • I have some security news coming out of the United Kingdom in this blog post which might be of interest to people if they haven’t seen it already. The article talks about WeLeakInfo and Cyber Scoop does a good job covering this one. I put it under arrests for more info, but my blog post does have other odds and ends on it too.
  • The blog has plenty of news on Solar Winds and I even have a three part article which you can go find. I know we’re not done with that.
  • Travel Booking company pays out money for 2016 breach was talked about on my blog, and boy was it a big headache for the travel company.

Want to comment? Feel free to get in touch! Contact information is throughout the program. Thanks so much for listening!

Comments (0)

CISA Updates Emergency Directive

I wasn’t originally going to cover this at all, however, I recently subscribed to a podcast called “Cyber Wire Daily” which releases podcasts every day on the goings on in the Cyber Security industry.

While I need to catch up with this podcast, one of the recent podcasts listed covers this, so I thought I had better cover this. CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise is the entire title of this and is linked here for you.

There are links throughout that might be of interest to boot, so go ahead and check it out and see if there is something you need to know about within this linked item.

I read a lot of this, however, I’m not really sure how to cover this on a podcast since I don’t know people specifically affected.

There are two items that caught my attention when I initially read this.

  • Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises
    should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1
    HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes
    updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.
  • Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic
    analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.

There might be something you need to pass on to your superiors who deal with this, so please check this out and see if it applies to you.

Comments (0)

Enhancements in JAWS 2021.2012.48 (January 2021)

JAWS just got released with a new update for January. Below is information on that update with links to the original source and the downloads page.


The following is a list of improvements made between the initial 2021 release and the January 2021 update.
To download the latest release, visit the Downloads web page. You must be logged on as an administrator to install this software.

New Layered Keystrokes for Adjusting JAWS and System Volume

Many users working with conferencing applications like Zoom and Teams have raised the issue of JAWS volume blocking their ability to hear a meeting or
webinar while trying to navigate in other applications. To solve this issue, we have introduced a new feature that lets you easily adjust the volume of
JAWS independently from the volume in other applications, such as Zoom, Teams, Skype, YouTube, or other apps that play audio.
JAWS and Fusion now offer a set of layered keystrokes for quickly adjusting volume. To access this layer, press INSERT+SPACEBAR, followed by V. Next, press
J to control the volume of JAWS speech or S to control the main system volume. After pressing J or S, use the ARROW keys to raise or lower the volume in
small increments, or PAGE UP or PAGE DOWN to raise or lower the volume in larger increments. Press ESC to exit the layer when finished. Volume changes
remain in effect until you later adjust them using the same commands.
Note: When adjusting volume with the ARROW keys or PAGE UP and PAGE DOWN, the lowest level that can be set is 10 percent.

New Voice Assistant Option for Selecting the Microphone

You now have the option to choose which microphone the Voice Assistant uses when listening for commands. By designating a different microphone for this
feature than what is being used for other applications such as Teams or Zoom, it allows you to mute those applications during meetings and still use the
Voice Assistant with JAWS, ZoomText, or Fusion. You can find the Microphone input device combo box under the Voice Assistant group in Settings Center.

Support for Native Math Equations in Microsoft Word

JAWS and Fusion now support reading math content in Word documents inserted through the Office ribbon without the need for additional extensions. While
you can still use the MathType extension from Design Science to create math content, you now have the option to also use the built-in math creation functionality
in Word. Whether math content was inserted in a document using the MathType extension or directly through the Insert tab of the ribbon, when you encounter
a math equation or formula, JAWS reads the problem and then says “Math Content.” You can then press INSERT+SPACEBAR followed by EQUALS to open the JAWS
Math Viewer so you can study the equation in greater detail.
Once the Math Viewer is opened, you can navigate individual parts of an equation, such as variables, terms, coefficients, or exponents. As you navigate
to the various components, pressing DOWN ARROW lets you drill down into and navigate within that level of the equation using LEFT and RIGHT ARROW. Pressing
UP ARROW moves you back to the prior level. In addition, if you have a Braille display and JAWS is set to United States English or Unified English Braille
Grade 1 or Grade 2, math equations or formulas are displayed in Nemeth Braille. Pressing ESC closes the Math Viewer and returns to the document.

Other Changes

• To accommodate the new Volume layer keystrokes, the layered command to access the Braille and Text Viewer layer is now INSERT+SPACEBAR, B.
• When using the Convenient OCR feature to recognize the current control, screen, or window, you now have the option to use the Microsoft OCR engine as
this may provide better OCR results for onscreen images than OmniPage, which is the default. For example, if you press INSERT+SPACEBAR, followed by O,
and then W to recognize the graphical window in an application and you find the results less than satisfactory, open Settings Center, select the Use Microsoft
OCR For Screen Recognitions check box, and then try the OCR again.
• You can now have both the Avoid speech cut off when using Bluetooth headphones or some sound cards and Lower audio volume of programs while JAWS speaks
options enabled at the same time in Settings Center. Previously, these two features could not be used together.
• When using the mouse to select text in Outlook messages, resolved a long standing issue where pressing CTRL+C was not copying the selected text to the
Clipboard as expected. This only worked if text was selected using the keyboard.
• Resolved issues where JAWS and Fusion were not reading as expected when tabbing through links in Outlook messages.
• In response to customer feedback, improved the description of the Speak Window Titles for Read-Only Messages Automatically Quick Settings option.
• JAWS no longer says “no selection” while navigating through slides while editing a PowerPoint presentation.
• In Excel, you can now select a range of cells on the current worksheet similar to how you select a block of text using a PlaceMarker in Word. To do this
in Excel, press INSERT+WINDOWS+K to set a cell marker on the cell where you want to begin the selection, move to another location on the same worksheet,
and then press INSERT+SPACEBAR followed by M to select the cells between the mark and the current location.
• Resolved an issue where the Windows 10 Mail app would close unexpectedly when replying to a forwarded message and you navigate the message contents using
JAWS.
• Addressed a reported issue where JAWS was not always correctly reading content inside of an HTML span tag in some situations.
• JAWS now continuously announces autocomplete information in the web browser address bar as you type.
• Addressed a reported issue where JAWS was not reading properly in the edit window of the TextPad application on certain systems with higher DPI display
settings.
• Addressed an issue with Libre Office Writer where JAWS focus was not in the document when the application was first opened.
• Added an updated 64-bit braille display driver from Handy Tech and also added a new driver from Eurobraille for their Esys and Iris braille displays.
• Resolved an intermittent issue where JAWS would unexpectedly close when attempting to connect to a braille display over Bluetooth.
• Improved the user experience when using JAWS with the Visual Studio Code application. This includes turning off the Virtual PC Cursor by default, eliminating
the announcement of ARIA regions, and removing the announcement of a long URL when the program is launched.

We took this information from the What’s New page for JAWS. We hope that you find this information of interest.

Comments (0)

Ticketmaster pays $10 million for misuse of data

Well, finally someone pays for doing harm. I believe this article was supposed to say ticketmaster, but it is ticketmaster. Turns out, they were able to obtain passwords and other stuff to look at what their rivals were up to, so they can have an upper edge.

Does a 10 million dollar fine cover the overall cost of the rival company going after them to determine what was going on? Maybe it does, maybe it doesn’t.

To make things interesting, a paragraph of the article says:

The rival company didn’t know that one of its former employees had leaked logins to Ticketmaster, which used them to gather information in the mid-2010s
about the competitor’s technology and other aspects of its business.

While the feds didn’t name the company, this article claims that it is a company I don’t think I’ve heard of called Songkick. This is a New York Times article on Songkick which is linked within the article I’ll be linking.

“Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law. This investigation
is a perfect example of why these laws exist — to protect consumers from being cheated in what should be a fair market place,” said FBI Assistant Director-in-Charge
William F. Sweeney Jr.

The $10 million fine against Ticketmaster — a wholly owned subsidiary of entertainment giant Live Nation — settles five criminal charges for illegal computer
access and fraud. In a related case in October, Zeeshan Zaidi, the former head of Ticketmaster’s Artist Services division, pleaded guilty to charges of
conspiring to commit computer intrusions and wire fraud.

Under the deal with the feds, Ticketmaster also must maintain a compliance and ethics program “designed to prevent and detect violations of the Computer
Fraud and Abuse Act and other applicable laws, and to prevent the unauthorized and unlawful acquisition of confidential information belonging to its competitors.”

This is quite interesting and when I read that, I just had to shake my head. This was quite an interesting article and lots of things are linked within it.

Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company is the article, and I hope that this is a lesson to others: the feds are waiting.

Comments (0)

Microsoft comes out, says source code was accessed

If this strange story of Solar Winds isn’t strange enough, I read an article that indicated that the hackers may have accessed source code from Microsoft.

According to the very first paragraph, the article starts out by saying:

Microsoft said Thursday that the SolarWinds hackers were able to access company source code, although the technology giant described the incident as largely
harmless in an update to an internal investigation.

Accessing source code is harmless? I believe that really depends on the source that was accessed, in my opinion. Some code may be considered sacred and not to be out in the wrong hands, while others maybe not so much.

There are linked items that might be of interest, but one paragraph says:

Microsoft “found no evidence of access to production services or customer data. The investigation, which is ongoing, has also found no indications that
our systems were used to attack others,” it said.

This is probably a good thing, seeing how other networks have been breached and we don’t know by how much or if anything is taken.

Microsoft has dubbed the SolarWinds cyberattack “Solorigate,” something cybersecurity firm FireEye has called SUNBURST.

Different people in the industry are going to call this by different names, and we shouldn’t be alarmed by different names by different companies.

Would you like to read more? Microsoft says SolarWinds hackers accessed company source code is the article, and this just goes in the “this is getting interesting” department.

Comments (0)

Another T-Mobile breach, the 4th in several years

Are you affected by the T-Mobile breach that is now coming to light? The article is written today, January 4, 2021, and this looks to be quite interesting, as this isn’t the first by the looks of things.

Here are three paragraphs.

T-Mobile says that it “recently identified and quickly shut down” a data breach that included call-related information about some accounts.

The wireless telecommunication firm said in a notice mailed to some customers in late December that the incident “may have included phone number, number
of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”

It’s the fourth data breach that the company has acknowledged within the last three years. T-Mobile, which completed a merger with Sprint in April 2020,
also disclosed incidents that occurred in March 2020, November 2019 and August 2018.

I’m happy that they identified this 4th breach quickly, what about the other three? The article continues:

The company called the intrusion “malicious, unauthorized access,” but did not release details about the suspected intruders or their methods. Personally
identifiable information was not affected in this latest breach, T-Mobile said.

“The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers,
tax ID, passwords, or PINs,” the company said, adding that it had contacted cybersecurity experts and federal law enforcement about the breach.

Even though it doesn’t have personal information involved, we learn:

The affected data is known as customer proprietary network information, and although it might not contain the names or other identifying information of customers, the Federal Communications Commission still considers it sensitive in nature.

If you’re a T-Mobile customer, the boards await you.

To read more: T-Mobile: Breach exposed call information for some customers

Comments (0)

Did you know Solar Winds may be on the grid? Check this out and let us discuss

The deadline for regulators to get answers is tomorrow, and I saw this article today although it was written during the end of the year stuff that Cyberscoop published.

The beginning of the article and several paragraphs are as follows.

The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected
Russian hacking operation, and the regulator advised utilities that the vulnerability “poses a potential threat” to parts of the power sector.

The North American Electric Reliability Corp. (NERC), a not-for-profit regulatory authority backed by the U.S. and Canadian governments, said in a Dec.
22 advisory to electric utilities that there was no evidence indicating that the malicious tampering of SolarWinds software had impacted power systems.
But the fact that software made by Texas-based firm SolarWinds is used in the electric sector has made vigilance important, according to NERC.

“At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise,” reads
the advisory, which CyberScoop obtained. “However, the presence of SolarWinds Orion Products in the enterprise networks of registered entities exposes
them to the vulnerability and exploitation by the [advanced persistent threat] actor and poses a potential threat to BPS reliability.”

The article goes on to indicate that Cozy Bear, or APT 29, is at the center of what is an ongoing investigation. I still don’t want to say for certain that they are to blame, and I don’t want to say for certain that China is to blame. I have a feeling that we are still too early to determine whether or not either party is to blame, although indicators in articles that I’ve published and linked to in the reissue of the show notes from podcast 24 state that Russia is to blame.

What you’ll hear in the upcoming episode of the Security Box are two segments that talk about Solar Winds, one from the December 15th episode when we found out that CrowdStrike was targeted way back on December 8, 2020. The second, which was part of the last podcast of 2020 in their series, catches up on some of the other stuff that was talked about and speculated. In the reissue of podcast 24, I link to all of the articles that I had read from that time.

Continuing: we take this paragraph which I think is important. It says:

“Supply chain compromises, like SolarWinds, provide illicit and malicious access to OT environments facilitating possible disruption,” said Sergio Caltagirone,
vice president of threat intelligence at Dragos, a Maryland-based firm.

I believe that the supply chain attack is going to be taking on new heights after Solar Winds is done, but how much, we just don’t know.

NERC regularly collects information from utilities in response to cyberthreats. But this particular questionnaire exemplifies how the hunt for information
related to the suspected Russian hacking operation is very much ongoing in the private sector as it is in government.

This is very important information to swallow. We still have a lot to learn, and it is involved in both public and private sectors. Some companies are not coming out yet, while others have.

In a statement to CyberScoop, NERC said it, along with the E-ISAC, the electricity industry’s threat-sharing hub, “continue to monitor the recent supply
chain compromises by advanced persistent threat actors” and their potential impact on the industry.

Did you think you should have started this process when it was only hacks of credit card and other personal data before it came to this? Is this the first supply chain attack of this scale or the first supply chain attack ever? That … I’m not sure.

Finally, the last paragraph says:

“We are working closely with the Electricity Subsector Coordinating Council, the Department of Energy, the Department of Homeland Security, the Federal
Energy Regulatory Commission, our Canadian partners and others, and will continue to collaborate and stay on the forefront of this event,” NERC said. “The
quick response and level of engagement highlights the strong public-private partnerships, which are vital to safeguard the North American bulk power system.”

I hope that you would work with the appropriate people to see how you don’t get targeted and protect yourself and the people you serve in a timely manner.

What to read:

The article has links to other stuff, and you can read further than what I’ve quoted and commented on for this blog.


Solar Winds and the law, who is at fault if multiple parties are at play?

I honestly do not know if I published thoughts or even talked about the legal problems that may be coming out because of the Solar Winds fiasco of 2020.

As we turn the page in the new year, I’m hoping that we get a handle on this breach, give proper attribution, find a way to get the people involved in this breach in some kind of trouble, and find a way to do a much better job at protecting ourselves.

In November, Home Depot settled over its 2014 breach, one that was not impressive for its time.

The article says in part:

As Congress, federal government departments and corporations reckon with the vast sweep of the SolarWinds breach, there are still many more questions than
answers. Fewer pieces of it are less certain than how it might play out in court, where companies and individuals alike stand to gain or lose. Many millions
of dollars, corporate blame and years of finger-pointing are on the line.

That’s because the targets — government agencies, and some major companies — aren’t the usual kind of victims, nor has anyone yet figured out the full
scope of the damage and where the blame fully lies.

In this case, legal experts say, the winners and losers are especially hard to predict.

“I think it’ll be a few more months, if not years, until we really understand all the legal theories people are going to try,” said David Springer, an
attorney at Bracewell for companies responding to cybersecurity incidents.

We aren’t sure who is going to win or lose in this, and it may even take more time to figure out what is going on.

In the next Security Box, episode 26, we will play throughout the program two segments from two Security Now programs where Steve catches up the listeners on what is going on.

You can definitely search Solar Winds and find my massive three-part series and thoughts dealing with the massive breach, and as we turn the page, we’ll more than likely learn more about what this breach has done to the security landscape.

As I recently blogged during the holiday break, Crowd Strike was targeted, yet that was only the beginning of the bigger problem. I also recently blogged about the former employee telling the company that a breach was possible, and the company did absolutely nothing. That is absolutely uncalled for in this day and age, especially when lawmakers and regulators come knocking with letters asking questions.

One of the paragraphs says:

“We’re getting into fourth and fifth and sixth party risk,” said Nate Smolenski, Corvus Insurance’s chief information security officer. “This is where
all the scary stuff happens.”

4th, 5th and 6th party problems? If this is true, then the article I read and published just recently and relinked here is wrong, because of the fact that the company did everything right! I hardly believe that, and I don’t buy it.

There are several headings:

  • Calm before the legal storm

  • The regulatory picture

and the article was quite interesting to read just the same. The article is entitled SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage? and I hope that people get a good read out of this. This is more than likely not ending any time soon, and the new year will bring more news of all of this. Thoughts?


In 2017, Ian Thornton-Trump said a breach was inevitable, company did nothing

To get this article to read, I had to select reader view in Firefox; the Daily Mail web site is awful!

Be that as it may, this article is definitely worth the trouble, as Ian Thornton-Trump, a former employee at Solar Winds, indicated in 2017 that a breach was inevitable.

Ian Thornton-Trump, a former cybersecurity adviser at SolarWinds, said he urged management in 2017 to take a more aggressive approach with its internal
security, warning that a cybersecurity episode would be ‘catastrophic’, according to a New York Times report published Saturday.

The article then goes on to say that the move to Eastern Europe, where some of the development of the software took place and where Russian operatives have ties, could have led to this breach. The cost savings from moving the development aspect to Europe may have cost them, as the article states.

The article does state that there is no cybersecurity person at the company, and not having someone who can help fend off attacks like the one we have witnessed could possibly cost this company.

Want to read more? Select reader view in your browser for best results. The article is entitled SolarWinds was warned about potential cyber attack, cost-saving move to Europe may have exposed firm. Let the comments begin!
