The Security Box, podcast 34: The Rest of Keylogging, news, notes, note takers and their security, a very interesting video and more

This week had no listeners on the live recording of today’s program but that’s OK. It is going to happen. I present you program 34 and its accompanying show notes for you to enjoy. If you have comments, please feel free to contact me.

• Email/imessage tech at menvi.org
• Text/whats app 804-442-6975
• Station email/imessage also works go to the contact the DJ’s page to learn more

Here is 130.94mb file for everyone to get. Its on the RSS feed already.

Here are the show notes.

Welcome to podcast 34 of the Security Box. On this edition, we’ll pick up where we left off on the Key Logging aspect of our discussion and we’ll have news, notes, commentary and more. We also have something from Michael in Tennessee who sent us a video of 12 Android apps you must get rid of. Some of these, are quite interesting. Hope you enjoy the program as much as I am bringing it together for you.

Topic: Continuing Key Stroke Logging

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different heading include, but not limited to: application, software based keyloggers, keystroke logging and writing processes, related features, hardware based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I am bringing it to you.

News Notes and More

This Tech blog post: Wetransfer has now joined the services that can be and has now been abused for Phishing Lures covers my thoughts on this and gives an example of a link that is valid verses the link that they show that is not valid and could lead to some big time problems. Zloader is the malware out there and I link and will link to the article from Phishlabs Surge in ZLoader Attacks Observed so that you can read my thoughts, or just decide to read Phishlabs coverage on this.
• Looks like Lastpass is offering the ability to allow people to use SMS or voice calling for their second factor. I’m a little bit confused because I thought we can select it as well as our already existing two-factor method like the app or SMS already. This is the best thing that can come out of it, having a second factor of your choosing. LastPass Now Offers the Flexibility to Authenticate Into the Vault & Single Sign-On Applications With SMS Passcode, Voice Call or YubiKey is the article, please check it out.
• Security Now, podcast 808 is being listened to, and they’re talking aobut the Solar Winds password which was solarwinds123. This password was used to log in to one of their servers. According to the new CEO, this password was used from 2017 until it was changed in 2019, roughly two years after it was first used. The old CEO said it was an intern who set that password and it was changed upon discovery of it being published on a GetHub page.
• Speaking of Solar Winds, there are apparently three more malware strains of this out there in the internet. Tim Starks, the writer for Cyberscoop, goes on to talk about these new strains. Fireeye called one of them SunShuttle, while two more strains Microsoft named GoldFinder and Sibot. SunShuttle was named by Microsoft to GoldMax. Researchers uncover three more malware strains linked to SolarWinds hackers is the article on this latest development and we’re still quite involved in this one.
• There are articles out there that talk about Microsoft having trouble with their exchange server. According to one of the articles, there are 4 such holes in Microsoft’s software that has been patched the week of March 6, 2021.
  • Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails Krebs on Security
  • At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software Krebs on Security
  • Victims of Microsoft Exchange Server zero-days emerge Cyberscoop
• Another Payroll company has been hit, this time, in the ransomware department. The article was written by our good friend Mr. Krebs and the response is typical of a ransomware attack. They also do HR work as well. According to the article, they have processed at least $80 billion in payroll money. They had hoped to have operations back up within a matter of days, but numerous PEOs as they’re called were effected by the outage. PrismHR is the best thing out there according to the article, as other options have different issues that are documented. For complete details, check out the article Payroll/HR Giant PrismHR Hit by Ransomware? as there is more than what is being documented here.
• The hackers are also getting hacked. Talked about also in a recent podcast of the Cyberwire, Krebs is getting some well deserved recognission on this one. The Cyberwire names a fourth in their coverage, but when I read this article, I just had to chuckle on this one. There are definite indicaters this is true including a private encryption key, ICQ numbers, and possibly more. The article Three Top Russian Cybercrime Forums Hacked should be read for more.

Other things

• Michael in Tennessee sent me 12 Android Apps you need to get rid of and we’ve got this video. These are some scary things the gentleman talks about in here, better watch what you’re getting out there in Android world.

End of program