The Security Box, podcast 32: Part 1 of Keystroke Loggers from blog The Technology blog and podcast

The Security Box, podcast 32: Part 1 of Keystroke Loggers

Hello folks,

On this edition of the podcast, we start a discussion of keystroke loggers. As indicated in the last podcast announcement, we do have some tracks, but they’re short and don’t take a lot of time. The program is still much shorter than the program’s broadcasting length on the mix, and we’ll see how it goes for podcast 33. We’ve got news, notes and more. I’d be interested in what people think of our “things to ponder” segment, which starts the program. Thanks so much for listening!

Don’t want to deal with the RSS feed? No problem! Here is the 141.06 file for you to download.

Now, without any further ado, here are the show notes for this program, and thanks so much for listening, reading and participating!

Welcome to the security box, podcast 32. On this edition of the program, we’re going to talk about keystroke loggers. I found a Wikipedia article which is detailed and there could be a possibility that this goes into multiple weeks. We’ll also have news, notes, questions, comments and even a “things to ponder” segment to boot.

Topic, Keystroke logging:

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different headings include, but are not limited to: application, software based keyloggers, keystroke logging and writing processes, related features, hardware based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I am bringing it to you.

Things to Ponder

During last week’s program, we were still learning about the possible issue in a small town in Florida that could’ve had some serious problems with its water supply if it weren’t for a worker noticing something as simple as a mouse moving. In this things to ponder segment, I talk about what we’ve learned to date, and it’s quite interesting. To date, I have two sources where you can read more, one an article by our good companion Brian Krebs, the other from CISA. You should read them both, and of course listen to what my thoughts are and participate.

I hope you’ll participate in this interesting story.

News, notes and more:

This is the news, notes and other commentary from around the web. Where appropriate, links to any articles may be possible.

  • I was told on February 15th about a 60 Minutes piece on SolarWinds and the potential hack or lack thereof where the Russians were possibly involved. On my own Internet Radio show for Sunday, I talked about one such story where a tech story like this was found on my local news site KNX some month after I saw it in publications like Cyberscoop. This doesn’t necessarily surprise me that SolarWinds was covered on 60 Minutes, it is a nationally syndicated program and is well respected. I respect them, but this is now old news, but yet I don’t know what they really had to say about the attack so I can’t comment further.
  • While I’ve not been blogging like I really should, we can’t skip Patch Tuesday. Besides Windows, it’s a good idea to check for updates on other software such as Adobe Reader, and even software you use on a more frequent basis. As is usually the case, Trend Micro and Krebs on Security are the two places where I get coverage on the patches. If you have not gotten your updates, you should be soon. Please reboot if necessary. For February, there were 56 vulnerabilities, according to Krebs. 9 of these are the most critical, according to the article. To date, over 1700 CVEs have been already disclosed this year. The CVE this time is CVE-2021-1732, which affects Windows 10, Server 2016 and later. According to Trend Micro, 7 of the vulnerabilities were disclosed via the Zero Day Initiative (ZDI) program. According to the Trend Micro article, 3 out of the 9 critical issues are in networking aspects of Windows. Please read Microsoft Patch Tuesday, February 2021 Edition and February Patch Tuesday Fixes 11 Critical Bugs for complete details.
  • While Emotet was dismantled as well as other gangs, we can’t let our guard down. There are other things that are out there that can take its place, or even it being used as a stepping stone to other attacks across your network. According to the article, a paragraph states:

    In 2020, Emotet, Trickbot, and ZLoader were the loaders of choice for actors, contributing to 78% of the overall loader volume. 

    In 2021, Trickbot and ZLoader are still being used according to Phishlabs. Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In should be read for the complete details. According to the Cyberwire Daily, it seems as though Emotet is still going, even though infrastructure was disrupted by arrests of people.

  • While I’m behind on Trend Micro’s week in security postings as of late, I did come across some good news for a change which I always like to cover. The most recent article I’ve read in regards to arrests and seizures of infrastructure and domains deals with NetWalker’s ransomware gang. This is an article that our good friend Mr. Krebs covers. He describes what Netwalker is up to, the fact they are a ransomware as a service (RaaS) and how the domain or multiple domains were used. It’s well worth the read, so check out the article Arrest, Seizures Tied to Netwalker Ransomware for all of the complete details.
  • Speaking of arrests, I read an article back on the 10th talking about the arrest of people involved with a phishing kit. According to this article, this phishing kit had a web control panel that would give you information as well as access to phishing templates and the like. The article Arrest, Raids Tied to ‘U-Admin’ Phishing Kit should be read for all of the complete details.
  • I don’t believe Facebook for one minute. According to an article, Facebook, TikTok, Instagram and Twitter will target stolen accounts. How, I’m not exactly sure, but Facebook has been known to allow this type of thing. Instagram is part of their brand now, but I could see TikTok and Twitter having a stance. The article was written by Mr. Krebs, and it’s a good article to read. The article talks about how these accounts are taken from legit users. The TTPs include but are not limited to: besides intimidation and harassment tactics, they use hacking, coercion, sextortion, SIM swapping and swatting. There is a forum called OG users which Brian covers in this well written article, and I urge everyone to read it. Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts is the article.

Lots to read and comment on, let your voice be heard!

About this article

The Security Box, podcast 32: Part 1 of Keystroke Loggers was released on February 20, 2021 at 2:30 pm by tech in podcast announcements.
Last modified: February 20, 2021.
