go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: March 2021

Go to Homepage [0], contents or to navigation menu

With status you may get malware named after you

Krebs On Security has been around for many years now, and recently celebrated a birthday in December. With the aging of the domain and the excellent writing comes the potential of your name and likeness to come in to light in malware.

In an article titled No, I Did Not Hack Your MS Exchange Server Brian Krebs talks about a domain that is not safe to go to called KrebOnSecurity_top and it is not a good web site to go to.

I put the underline in place of the dot, instead of putting brackets which is common to show not safe urll’s when writing about them.

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.

David Watson who is a long time member of the Shadow Server Foundation was quoted within this article. It says:

David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server’s emails).

According to this article, the new place the attackers are utalizing is quite different than things the Shadow Server has ever seen. There are at least 367 web shell access points, according to the article.

There’s tons more to read including on what the krebsonsecurity.exe file does including the ip mentioned within the article.

No, I Did Not Hack Your MS Exchange Server is the article that you should read, and thanks for reading!

Comments (0)

Krebs on security covers Woodland Hills, California: but this company … isn’t all that great

I’ve lived in Woodland Hills, California for all of my life. When going through Krebs on Security and coming across an article talking about it was quite interesting except for the shadiness of at least one character who has been trying to make business work for him.

The article is entitled RedTorch Formed from Ashes of Norse Corp. and talks about a couple of people who haven’t found their business instincts yet. Since there are a lot of links to various things including a link to Woodland Hills via Wikipedia, you might just want to read it.

The main heading of the article asks the question of who is redtorch? To read it, and the characters who need to figure it out before our LAPD does, click on over and read it.

Comments (0)

Here’s some of what I’ve read of late

While I’d love to put everything in news notes that I’ve read, I’ve realized that instead of throwing it away, I’d put it up here like I used to do.

I may cover some of these in future articles, I know I’m going to at least cover one which kind of hits home for me just a little bit. My goal was to blog everything in news notes, but I’m finding it a little bit difficult, so I think this is going to be good unless I am able to do it. I started to, but then it became a little much.

Maybe this will be a great compromise.

Comments (0)

This week in security news, news ending March 26, 2021

There’s always something good to look at in News Notes from Trend Micro. One of the things that might be of interest is that a Swis security firm may have access to servers that were used for the biggest breach in 2020 to date, the Solar Winds hack.

Instead of me talking about what I think you might want to read, I’ll just link to the article This Week in Security News – March 26, 2021 for all of the details. I hope you’ll find something of interest to read.

Comments (0)

This week in Security news, news ending March 26, 2021

I’m going to try and keep up now, at least on the security front and Trend Micro’s news. Lots to see here. One of the things that may be of value is that a Swis firm may have a line on a server that was used for the Solar Winds breach that happened in December 2020, and was long lived as this was well orchestrated and a good job it was at that. Hackers are going around infecting developers of apple, websites that host cracks are now spreading malware, Purple fox is back, and much much more.

If you click through to read the post from Trend Micro, what did you think? I look forward in hearing from you.

This Week in Security News – March 26, 2021 is the article and I hope you find something that is of interest for you to read.

Comments (0)

Turning the Tide: Security Predictions 2021

This video was done by Trend Micro and was quite interesting. This is the first time I’ve seen a video on their predictions for 2021, usually its in writing. This definitely was a very interesting video to watch, and you might find it of value too. If possible, we’ll be playing the video on the Security box for people to listen to and comment. The video lasts 40 minutes, and if you watch it and comment here, let us know if we can air your comments and I’ll be happy to put it together.

Here’s the link to the video.

Comments (0)

The Security box, podcast 36: Choosing a good password manager

Happy Saturday folks, welcome to the security box for this week. I normally get the blog up within 24 hours, better late than never posting it at all.

The show notes are extensive as normal, and I think its the way to go so people can read my thoughts on the items as well as listening to them on the podcast.

The RSS has had the program up, Here is the link to the RSS for those who need it.

Don’t have RSS? Here is the 156.28mb file for you to get.

I hope those who listen find the shows of value, and I’ll be back this coming Wednesday on the independent channel of the mix’s suite of servers for another edition of the program.

Have you really thought on password managers lately? If not, the main topic may be of interest to you. While there were no calls this week, I feel the way I did the notations and lead the discussion, may make you think about whether its time to get one.

Welcome to podcast 36 of the security box. On this edition of the program, we’ll be talking about password managers. Herbie Allen is along with a Things to Ponder section talking about Scams, one in particular dealing with Amazon. We also have a webinar that will be of interest from F-secure. We’ll have news, notes and more. Hope you’ll enjoy the program!

Topic: Choosing a good password manager

Lastpass writes good articles, and this one is no different. How would you choose a good password manager? There are 5 different things that could make your decision that are highlighted within this article. They include:

  • How many devices do you own? 
  • What are those devices (Android, Apple)? 
  • Who do you need to share with? 
  • What other type of information would you want to store besides passwords? 
  • Are you concerned about data breaches and your personal information being at risk? 

While the article talks about Lastpass features, the heading entitled “Choosing a password manager ” goes in to detail about the different teers of Lastpass. There are definitely alternitives, and you can explore those alternitives. While Lastpass has lots of features, you don’t need all of these features, and you alone need to decide what will work for you.

Webinar: Attackers Get Personal | F-Secure Live Webcast

Over the weekend, I had decided to go through Youtube and found this very interesting webinar. It talked about three different topics by three different people.

About the webinar:

Taken from Youtube directly it states:

Get an inside view into the cyber threats that challenge our recovery from the pandemic and beyond.

Highlights from the Threat Landscape – Christine Bejerasco

2020 was an unprecedented year. But did this reflect in the threat landscape? Christine takes a look at various areas that highlight some of the threats recently encountered.

Healthcare data under attack – Mikko Hyppönen

The healthcare industry’s outdated IT and security infrastructure has caught the attention of cyber criminals, right when we need it the most. Mikko will discuss what we can do to secure our most essential industry.

Thinking like an attacker – Tomi Tuominen

The different stages of a targeted attack keep evolving. Tomi offers the latest insight into how attackers think and how to make their life more difficult.

Topic covered

  • Which threats businesses must face
  • How cyber criminals threaten the health care sector
  • Why a good cyber defense depends on seeing weaknesses through an attackers’ perspective

What to Watch

Things to ponder

Herbie Allen, main owner of the Mix, will be submitting something of interest dealing with scams and Amazon. Its a three minute listen, and we can open it up to thoughts on that. I later show a recent text message, go through the link, and show you what going on with the link.

News Notes and commentary

  • Fiserv used an unclaimned domain that sent out email to customers to do various email tasks like varifying accounts, automating password resets and other tasks that may not have been thought of. A researcher, Abraham Vegh,, contacted Krebs on Security to discuss what he found with the elicit domain which he baught to see what he was seeing. Some of what he saw included bounce messages, messages for out of office replies and even more. To read more, read the Krebs on Security article entitled Fintech Giant Fiserv Used Unclaimed Domain for all of the details.
  • Is it really time to get rid of SMS verification?I think it’ll be time sooner than later. Customer service representatives can be tricked in to changing account info, especially if they are low paid, according to the article from Krebs on Security. The article talks about a company called Sakari , who offers a $16 product that allows you to receive text messages from any phone number in the United States. The letter of authorization that needed to be signed by the customer indicated that it could not be used for harassment, inappropriate behavior, or possibly violating the law. As the researcher has indicated, people were able to sign up with the service and do what they want. When approached with more detail, the researcher in question said that it was not just this company that can do this. The article goes in to more detail on this research including Sim Swapping and possibly other tactics that might be used. The question: Can We Stop Pretending SMS Is Secure Now? should be asked and the article is well worth the read.
  • You think Joker and his stash of jokes are gone? Let’s think again. According to a Trend Micro report, not so fast. I’m not sure what happened to the article, somehow something happened where parts may be missing. We’ll link it here, but they’re back to their old tricks that may be new. This article talks about signing up for services by selecting the phone operator, put in the MSISDN (Mobile Subscriber Integrated Services Digital Network,) get a One Time Password, enter that code and bingo, you’re subscribed to services. While the text I have may have been truncated, the article should be read just the same. No Laughing Matter: Joker’s Latest Ploy is the article, take this very seriously.
  • Think using one password was absolutely safe? Better think again. According to an article by Lastpass’s Amber Steel, hackers found a username and password online, used it, and gained access to 150,000 cameras in places like schools, fire departments, offices, gyms and more. These are security cameras for some 24,000 customers. The article linked here will have more. 150,000 Security Cameras Hacked Because of One Password is the article, give it a read. Think about changing your password immediately.
  • WeLeak.Info is back in the news, but probabluy not in a good way. According to an article by Krebs on Security, the site now leaks information about the customers that were at the site buying and selling information. The first paragraph says:

    A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo
    let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

    The article talks about putting an email address in the site, and getting all possible passwords available with that email address. There’s more, WeLeakInfo Leaked Customer Payment Info is the article, better take a look at it.

  • Finally, we’ve got some good news in two members getting arrested and charged. These two have also been sentenced as well. According to the article, “in fraud we trust” is the mantra of the group, and the two people are named Sergey Medvedev of Russia and Marko Leopard of North Macedonia. There’s more to the story, so read Two Infraud members sentenced for role in $568 million crime gang, US says and we hope that it will be called “In Fraud we don’t trust” in the future.

Thanks so much for listening to today’s program and reading the accompanying notations. We hope you’ve enjoyed the program as much as I have putting it together for you, and make it a great day!

Comments (0)

Firefox 87 has just been installed here

Hello folks,

Just running firefox as I wanted to do something and it popped up a notice that installed firefox 87/. Tjhere are some accessibility changes as well as security changes.

POne of the things they highlight is that they now work with the Mac’s Voiceover program. I don’t know if it works with IOS, I have not tried. Be that as it may, I think this is important for those who want a choice in browser.

My limited use of the Mac (2017) indicated that I could use Safari and Chrome and both seemed to work. Now you can add a third browser if you’re using the Mac.

To read all of the release notes from Mozilla, head on over to this link to read them and let me know what interested you in these notes.

Thanks so much for reading, and make it a great day!

Comments (0)

How would you choose the best password manager for you? Lastpass has some ideas

Lastpass always has some great articles that I find that could be covered. As the work from home option remains in effect, its now more important for you to choose something that works for you.

There are specific questions the article asks which need to be thought of. It covers things like how many devices are used, the type of devices that are used, how many passwords and other types of information may be stored, whether you’re concerned of potential data breaches, and who needs the information that you have that you need to share with.

When getting the best out of your password manager, Lastpass talks about their various teers of service and asks if the password manager you decide to choose provides what they’re highlighting are in the manager you choose.

I think this article is of important, and we’ll definitely be talking about this on the Box this week. I feel that this is of importance.

If you use a password manager, what do you use and why? If you don’t, what is holding you back?

Comments (0)

Attackers Get Personal | F-Secure Live Webcast | Christine Bejerasco, Mi…

The other day, I was looking in my Youtube feed and found something I thought would be interesting to share, and even have it aired on the Security Box. Attackers Get Personal | F-Secure Live Webcast | Christine Bejerasco, Mi… is the webinar hosted by F-secure and several people including Mikko Hyponen is there. Hope you enjoy it.

Comments (0)

The Technology podcast series presents podcast 35 of the Security Box, audio-centric applications like clubhouse

Welcome to the security box, podcast 35. The program I thoink was very interesting, and we covered everything I had on file.

I’m thinkking of changing the show notes for the RSS to have just the links to things, and the extended version for the blog as I have done it done a little bit differently.

The The RSS feed has the program and had it Wednesday.

Don’t want to deal with RSS? Here is the 91.31mb file for each of you to download.

Show notes

Welcome to the security box, podcast 35. We talk about Clubhouse, the security of audio apps like clubhouse and what experts are saying. We also have news, notes, questions, comments and more. Enjoy!

Topic: Apps like Club House and audio-centric apps and their security

Sex workers, for instance, have historically encountered abuse, harassment and employment discrimination in instances when aspects of their private lives
are made public. The issue is particularly acute on Clubhouse, where users must agree to share their list of contacts with the app in order to invite a
friend. Even users who declined to share their contacts with the app could have identifying information exposed in the event that one of their contacts
authorizes Clubhouse to access their information. 

The result has been to inadvertently out sex workers, and then make it difficult for affected parties to delete their account, and thus protect themselves, as Mashable reported. 

Is it necessary for apps like this to mass collect contact details of everyone on their phone? Linkedin, the work version of Facebook, collects contacts so if they do join, you’re notified. I don’t have a problem with this practice, but Facebook, Twitter and even Club House seem to collect data just because. Facebook has notified me of people joining, but I may have telephone numbers for doctors and the like that will become theirs. Google Voice and Hangouts utalize the contacts for me to use Google to call them, and I’ve not had a problem with me giving that permission. I believe Whats App even does this.

According to the article, researchers at Stanford University Agora Inc. transferred information of clubhouse users to servers in China. They are a Shanghai-based provider of engagement software. They apparently transmitted Clubhouse users’ ID numbers and chatroom ID details, though not their username, in plaintext. The discovery meant that Agora would have had access to some raw Clubhouse audio files, and as a China-based company could be required to provide that information to the communist government. 

I read clubhouse’s rules and how they intended recordings to be managed, and how the recording is during the time of the room’s creation and how it is deleted if nobody flags it as part of a review process for abuse.

There were other aspects talked about in this article that came to light, and will be addressed, according to clubhouse representatives.

In another article, Trend Micro talks about the security implications of apps like Clubhouse and the potential of information being stolen. Some of these applications can even be used for command and control servers, (C&C) for short. Trend Micro has information on sample attacks that can be used on apps like this.

The attack points are: Network Traffic Interception and Wiretapping, User Impersonation and Deepfake Voice, Opportunistic Recording, Harassment and Blackmailing, Underground Services, and Audio Covert Channels.

There are best practices Trend Micro recommends.

  • Join public rooms and speak as if in public. Users should only say things that they are comfortable sharing with the public, as there is a possibility
    that someone in the virtual room is recording (even if recording without written consent is against the Terms of Service of most, if not all, of these
  • Do not trust someone by their name alone. These apps currently have no account-verification processes implemented; always double-check that the bio,
    username, and linked social media contacts are authentic.
  • Only grant the necessary permissions and share the needed data. For example, if users don’t want the apps to collect all data from their address book,
    they can deny the permission requested.

The article even has information here for providers to implement if they haven’t done so already. They include:

  • Do not store secrets (such as credentials and API keys) in the app. We have found cases of apps embedding  credentials in plain text right in the app
    manifest, which would allow any malicious actor to impersonate them on third-party services.
  • Offer encrypted private calls. While there are certainly some trade-offs between performance and encryption, state-of-the-art messaging apps support
    encrypted group conversations; their use case is different, but we believe that future audio-only social networks should offer a privacy level on par with
    their text-based equivalent. For example, Secure Realtime Transport Protocol (SRTP)
    should be used instead of RTP.
  • User account verification. None of the audio-only social networks currently support verified accounts like Twitter, Facebook or Instagram do, and we
    have  already seen fake accounts appearing on some of them. While waiting for account-verification features, we recommend users to manually check whether the account they’re interacting with is genuine (e.g., check the number of followers or connected social network accounts).
  • Real-time content analysis. All of the content-moderation challenges that traditional social networks face are harder on audio- or video-only social
    networks because it’s intrinsically harder to analyze audio (or video) than text (i.e., speech-to-text takes resources). On the one hand, there’s a clear
    privacy challenge that arises if these services implement content inspection (because it  means that they have a way to tap into the audio streams). However,
     content inspection offers some benefits, for instance, in prioritizing incidents.

What to read:

h2> News Notes

  • I’m being told that Philmore Productions plans to get rid of their privacy policy and terms of service, not like they were utalizing them anyway, but this could be big news if Philmore gets potentially litigated in the future.
  • Last podcast, I talked a little bit about an article that was part of this week in security news which I’m a bit behind on. Long story short, there are a lot of numbers in this article entitled 119,000 Threats Per Minute Detected in 2020 which wasquite interesting. Phishing is still the the main vector and the Pandemic isn’t helping much. Email threats which include Phishing are 91 percent of the threats according to the Trend Micro report. 14 million detected URL’s were detected with home networks the primary target, according to the article. There’s more to read, Sarah did a great job covering this for the Info Security Magazine.
  • As usual, Windows has their updates that came out, and we have the two articles from Krebs on Security and Trend Micro. According to Krebs on Security, there are over 82 flaws in Windows and supported software. 10 of these are critical, meaning that they can be exploited without you having to do much of anything. One of the biggest flaws is within IE 11 or older edge. Its got a CVE number, and as we know IE11 isn’t really being supported by web sites anymore, especially with sites possibly going to SSL version 1.2 like Live Wire did. Trend Micro says that there are close to 100, almost doubling the amount of patches from last month. Podcast 808 covered the exchange flaws and its big enough news that we really don’t know how many people are effected. Trend Micro says that 14 are critical and the rest are important. Both articles are worth the read.
  • How has Emotet been doing since we talked about its takedown? According to an article, it talks about the story of several members behind this botnet, but it does state there are members at large. that will more than likely go elsewhere because they’re funded and well funded at best. This is a Trend Micro article, Emotet One Month After the Takedown is the article, and it was a good one.
  • On the third of March, I read about an article where scammers took some control over a cloud security firm named Qualys. This article comes from Cyberscoop’s Sean Lyngaas. According to the article, Qualys CISO Ben Carr said the attackers had accessed files hosted on an Accellion server. . Mandiant has been hired in the case, and I’m sure that it’ll be a hot topic of late. Cloud security firm Qualys reportedly victimized by prolific scammers is the article.
  • Have you ever heard of ransomware hackers turning to virtual machines to do their dirty work? An article I read near the end of February was quite interesting, and you may find this of interest too. The article is quoted in saying:

    Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity
    of the operating software.

    CrowdStrike is mentioned in here because the hypervisor computrer servers that organizations use are now being used to deploy their schemes. There’s plenty to read here, Ransomware hackers turn to virtual machine software to boost extortion schemes i what you need to read.

  • There are numerous articles in regards to the massive problem at Microsoft with their exchange server problems. Krebs on Security indicates, and I have heard this on podcasts, that this started as early as January 2021. All of the articles linked within this section were of value, and I don’t want to miss anything.
  • Thanks for listening, and make it a great day!

    Comments (0)

    119k Threats Per Minute Detected in 2020

    I talked about this article last week, and I’ve finally gotten a chance to read it. Its definitely worth the read, and I want to blog it here for people to see. Wow.

    Trend Micro found and blocked more than 62.6 billion cyber-threats last year

    Source: 119k Threats Per Minute Detected in 2020

    Comments (0)

    Hims announces new note taker

    I saw this briefly either on Thursday or Friday when looking for something specific on blind bargains, but I didn’t get a chance to read it till now. Hims looks like they’ve been busy with a 32-cell version of their note taker. It succeeds the polaris, and this model looks like its got some awesome stuff.

    Want to learn more? Breaking: Hims Announces BrailleSense 6 Notetaker at #CSUNATC21 was written by JJ over at blind bargains, so check it out if it interests you.

    Comments (0)

    The Security Box, podcast 34: The Rest of Keylogging, news, notes, note takers and their security, a very interesting video and more

    This week had no listeners on the live recording of today’s program but that’s OK. It is going to happen. I present you program 34 and its accompanying show notes for you to enjoy. If you have comments, please feel free to contact me.

    Here is 130.94mb file for everyone to get. Its on the RSS feed already.

    Here are the show notes.

    Welcome to podcast 34 of the Security Box. On this edition, we’ll pick up where we left off on the Key Logging aspect of our discussion and we’ll have news, notes, commentary and more. We also have something from Michael in Tennessee who sent us a video of 12 Android apps you must get rid of. Some of these, are quite interesting. Hope you enjoy the program as much as I am bringing it together for you.

    Topic: Continuing Key Stroke Logging

    This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different heading include, but not limited to: application, software based keyloggers, keystroke logging and writing processes, related features, hardware based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I am bringing it to you.

    News Notes and More

      This Tech blog post: Wetransfer has now joined the services that can be and has now been abused for Phishing Lures covers my thoughts on this and gives an example of a link that is valid verses the link that they show that is not valid and could lead to some big time problems. Zloader is the malware out there and I link and will link to the article from Phishlabs Surge in ZLoader Attacks Observed so that you can read my thoughts, or just decide to read Phishlabs coverage on this.
    • Looks like Lastpass is offering the ability to allow people to use SMS or voice calling for their second factor. I’m a little bit confused because I thought we can select it as well as our already existing two-factor method like the app or SMS already. This is the best thing that can come out of it, having a second factor of your choosing. LastPass Now Offers the Flexibility to Authenticate Into the Vault & Single Sign-On Applications With SMS Passcode, Voice Call or YubiKey is the article, please check it out.
    • Security Now, podcast 808 is being listened to, and they’re talking aobut the Solar Winds password which was solarwinds123. This password was used to log in to one of their servers. According to the new CEO, this password was used from 2017 until it was changed in 2019, roughly two years after it was first used. The old CEO said it was an intern who set that password and it was changed upon discovery of it being published on a GetHub page.
    • Speaking of Solar Winds, there are apparently three more malware strains of this out there in the internet. Tim Starks, the writer for Cyberscoop, goes on to talk about these new strains. Fireeye called one of them SunShuttle, while two more strains Microsoft named GoldFinder and Sibot. SunShuttle was named by Microsoft to GoldMax. Researchers uncover three more malware strains linked to SolarWinds hackers is the article on this latest development and we’re still quite involved in this one.
    • There are articles out there that talk about Microsoft having trouble with their exchange server. According to one of the articles, there are 4 such holes in Microsoft’s software that has been patched the week of March 6, 2021.
    • Another Payroll company has been hit, this time, in the ransomware department. The article was written by our good friend Mr. Krebs and the response is typical of a ransomware attack. They also do HR work as well. According to the article, they have processed at least $80 billion in payroll money. They had hoped to have operations back up within a matter of days, but numerous PEOs as they’re called were effected by the outage. PrismHR is the best thing out there according to the article, as other options have different issues that are documented. For complete details, check out the article Payroll/HR Giant PrismHR Hit by Ransomware? as there is more than what is being documented here.
    • The hackers are also getting hacked. Talked about also in a recent podcast of the Cyberwire, Krebs is getting some well deserved recognission on this one. The Cyberwire names a fourth in their coverage, but when I read this article, I just had to chuckle on this one. There are definite indicaters this is true including a private encryption key, ICQ numbers, and possibly more. The article Three Top Russian Cybercrime Forums Hacked should be read for more.

    Other things

    • Michael in Tennessee sent me 12 Android Apps you need to get rid of and we’ve got this video. These are some scary things the gentleman talks about in here, better watch what you’re getting out there in Android world.

    End of program

    Comments (0)

    Samsung fixes critical Android bugs in March 2021 updates

    This week Samsung has started rolling out Android’s March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.

    Source: Samsung fixes critical Android bugs in March 2021 updates

    If you use Android and are supported by Samsung, time to update. Besdies that, Windows has their share of updates but that’ll be coming in a blog post later today. Michael talks about the Samsung phones being good for their update, and above is a blurb from bleeping computer and a link to read the full article.

    Comments (0)

    Vulnerability summary for the week of March 1, 2021

    This is the link to March 1st vulnerability summary and there is yet another 10 at the bottom of the high section. Several Google Android listings in this one. If you find something that effects you, take note of it.

    Comments (0)

    Vulnerability summary for the week of February 22, 2021

    I’m finally getting around to looking at the vulnerability summary for February 22, 2021 which was received on March 1st. There is one item that is a 10 which is the highest CVSS score you can get. Several other names may be familiar to some including Adobe, but the 10 is the last one in the list that I saw. You might want to peruse the list and determine if something effects you.

    Comments (0)

    BARD and Older iOS Devices

    The following was sent to the BARD email list. The JRN is passing this along for those who are not on this list. Please contact NLS or your library for more information about the following announcement. It is between the ruler markers.

    With regret, we write to confirm that BARD no longer supports iPhones, iPads, and iPod Touch devices running any version of iOS earlier than 11.0. NLS staff worked hard to find a way around this situation, but after an exhaustive search, we have found none. We realize that, especially in these difficult times, this poses a very real hardship for some of you, since the only solution for continuing to use BARD Mobile is to purchase a newer device. You can find a list of all devices that run iOS 11 at this apple support page.

    Any newer iOS device will also work. Since the current version of iOS is 14, some of these devices are quite inexpensive.

    There are many low-cost Android devices and Fire tablets, also known as Kindle Fires, that can run BARD Mobile as well. If you opt for one of these, make sure that the Android device is running Android OS 7 or later, or that the Fire is running Fire OS 7 or later, which means eighth generation or later.

    If replacing your iOS device is not an option for you, we can suggest a couple of alternatives:

    1. If you have access to a computer, you can download books and transfer them to a flash drive or cartridge for use with the free NLS Digital Talking Book Player available from your regional NLS library. If your computer is running Windows 7 or 10, BARD Express makes downloading books and copying them to flash drives particularly easy. Follow the BARD Express link on the BARD main page to learn more.
    2. If you don’t have access to a computer, you can ask your regional library to mail cartridges to you with books of your choosing that you can play on that same player. If you like, your library can copy books from a series or multiple books by the same author to a single cartridge.

    For more information regarding either of these options, please contact your regional NLS library. You can obtain contact information by following the link “Find Your Library” at The NLOS main web page.

    We apologize for any inconvenience or hardship this situation has created for you and hope you will find a way to continue enjoying BARD.


    The BARD Support Team

    We hope this information is of value to users, and thanks for reading!

    Comments (0)

    IOS and WatchOS have updates

    Hi all,

    I was perusing Applevis on my telephone last night, and they had a post about IOS and WatchOS updates which cover security things. For full information, please read their post and I hope that this information is of value to you all.

    Comments (0)

    This week in Security news, news ending February 26, 2021

    I know i’m quite behind in doing a lot of reading, but I happened to come across this digested read dealing with some news in the security field, and I thought it was time to go through and see whats going on.

    Apparently, Facebook, Twitter and other visual apps that the sighted use are vulnerable to problems but now audio apps including the newly popular app called Clubhouse. Several blind people I know or know of have it, and one recently sent me an invite which I never received. Be that as it may, I’d be interested to read this one, and I see it in the Trend Micro archives that i need to read.

    Over 10,000 users were recently hit in a fed-ex lure where people who get this type of email can get bitten with whatever the actor decides to throw at them. Always know if you’re receiving a package. These lures are back!

    We’ve talked about double Extortion before on several episodes of the Security Box, but have we talked about Nefilim ? It doesn’t sound familiar, but Trend Micro has the lowdown on this one.

    Sit down, don’t listen to anything else, turn everything off, because I’m going to tell you something that even I was shocked when I read this. The headline linked says that there wee=re 119,000 threats per minute. Think about this. According to the blurb under the headline:

    The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. That averages out 119,000 cyber-threats
    per minute. Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million
    unique phishing URLs were detected by the company in 2020, with home networks a primary target.

    Is this something to sneeze at? This article wasn’t written by Trend Micro, so I’m going to have to read this one.

    There are 4 different hacking groups according to an article that are hitting critical infrastructure and these are apparently new ones.

    According to another article, Android users now have a way to check on the Security of their passwords. Android hasn’t seemed too keen on security, but now we learn they have something? I know Lastpass can already do this browser extension wise and I’m sure there are other password managers that can do this.

    There are 6700 VMware server exposed to a new bug, according to the news. This can’t be good.

    Find something in the blog post by Mr. Clay you want do discuss? Let’s hear from you! This Week in Security News – Feb, 26, 2021 is the article, let the comments flow in!

    Comments (0)

    Older Posts »

    go to sections menu

    navigation menu

    go to sections menu