
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: June 2021




Misinformation is not just in English

According to an article which is backdated close to mid-June, although not quite mid-June, I read about misinformation problems on Facebook, especially in Spanish.

While I don’t speak Spanish well enough to do anything in the language, I can understand how difficult it is to make sure it is factual, especially since some words we say in English may not have meaning in Spanish.

There is an example of this in one of the tracks we played on the Independent artist show this past Sunday where the Spanish version is not what the English title is.

Facebook declined to mention how many moderators they have doing the Spanish work, yet it mentions other languages in this article.

The article is titled Spanish-language misinformation about vaccines is evading Facebook’s moderators and I’d be interested to hear if you’ve come across this type of thing.

I guess the biggest question is whether you use social media to make decisions? I don’t. Let me know.


A Supervisor gets time, let’s discuss

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang.

Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby’s and other U.S. corporations. Victims experienced “enormous” losses, according to the Justice Department, that by some estimates have exceeded $1 billion.

“During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal noted. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — FIN7 illegal activity resulted in over $100 million in losses to financial institutions, merchant processors, insurance companies, retail companies and individual cardholders.”

FIN7 presented itself as a legitimate security vendor that specialized in penetration testing, a way of using offensive measures to improve firms’ digital defenses. In fact, the roughly 70 people involved with the collective worked as hackers, though it remains unclear if all of those involved in fact realized they were breaking U.S. law.

I guess crime does not pay, according to the shadow, he has found you and will make sure you get justice.

Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison is the article.


Big tech man John McAfee found dead in Spain … possibly suicide

Cyberscoop reported last week that big tech man John McAfee was found dead in a Spanish jail awaiting extradition back to Tennessee, where he faced charges which could have put him in prison for 30 years.

According to the article, all leads point to “death by suicide.”

Security Now! covered this from time to time in their program, and I knew my Twitter covered this through Cyberscoop, so I sent it over to Steve himself.

McAfee faced up to 30 years in prison if he was convicted of evading taxes in the U.S. Prosecutors in Tennessee charged McAfee with failing to report income from cryptocurrency promotions, speaking engagements and selling the rights to his life story to a filmmaker.

The Spanish court’s ruling was made public on Wednesday, and could be appealed.

Again, this article was written I believe on the 22nd and I saw this over this past weekend. It’s unfortunate that this occurred, and as someone said yesterday, when you’re famous, all kinds of things happen.

For complete coverage, I now give you the Cyberscoop article: John McAfee found dead after Spanish court approved extradition to US.

Out of respect, this will be the last article posted today. While I’m still getting news notes together, this will be the top story until tomorrow. Thanks for reading, and make it a great day folks.


NFC flaws let researchers hack an ATM by waving a phone

What important work this is! We need to find a way to patch the ATMs as quickly as possible. I liked this article, and it was sent to me by Michael in Tennessee. I think it should be read; maybe the institution you do business with can be notified about this article, and they can find out how to get the software updated. It’s not just ATMs either, let that be known.

Below, please find the quote and a link to this very important research article about ATMs and POS systems.

Flaws in card-reader technology can wreak havoc with point-of-sale systems and more.

Source: NFC flaws let researchers hack an ATM by waving a phone


Come On Down! Grand Theft Auto is the next victim in the video game for mining crypto currency!


I was trying to come up with a phrase that is similar to what they do when bringing up a contestant on The Price Is Right, and I’ve done similar article titles on other stuff, but I think I broke this one.

Anyhow, at hand is another video game that if not gotten from the right sources, can use your computer to mine crypto currency for actors.

One of the antivirus companies still around is called Avast. They published a report, linked within the first paragraph, talking about this latest game being the target of hackers.

We know that EA Sports was targeted for their source code, and actors want that too, so they’ll stop at nothing to get their wares out there for the masses to download.

Taking two paragraphs from the article, it says:

The malware, which researchers have named “Crackonosh,” has infected over 220,000 unique devices since 2020. Using the coin miner known as XMRig, cybercriminals have been able to make a total of roughly $2 million worth of Monero cryptocurrency with the malware.

Infected files used to install the malware included malicious copies of popular games including The Sims 4, Grand Theft Auto V and Fallout 4. By duping users who download free versions of games that normally cost upwards of $50, fraudsters prey on unwitting users to borrow their computing power.

This should probably not surprise me, although there have only been a few cases of the blind community having this kind of trouble with software.

The first time the blind community had trouble was way back in 2006, when Accessible Chat, which is no longer around, was pilfered, and when the blind installed it, it crashed their computer, making it useless.

The defunct about.com wrote an article, mentioning me at the time as the person who reported it.

At the time, Superior Software was linked, and that was my father’s company. The site is still registered through 2023 I think, and I’ve moved it over to point to me because it is no longer a valid business name that can be used.

Once that expires, I’ll remove the domain off my account, and I hope that it doesn’t get maliciously used.

Back to the gaming industry here, I know my dad loved to play tons of computer games, but I know that he would buy them from the original source and not go to great lengths that other people do and the actors know this.

Researchers have identified 30 different strains of the malware developed since 2018. As of May, the malware was still hitting thousands of users every day, according to the report.

That is a lot of samples by definition, and it is still out there causing havoc to unsuspecting visitors who are looking for the game for cheap.

To read the entire article and even some linked stuff, here is the Cyber Scoop article: Hackers are using bootleg copies of ‘Grand Theft Auto V’ game to mine Monero for your amusement. Let the games begin!

Updated 13:00 PT June 28th with the link which I thought was there. Oops!


This week in security news, news ending June 25th 2021

I read this week in Security News pretty much on time, which means I must be doing better than I was last week.

The news is a digest of what was spotted on the Net as well as Trend Micro’s own writings of interest.

Here are the article titles of this week’s digest.

  • Tulsa’s Police-Citation Data Leaked by Conti Gang
  • Fake DarkSide Campaign Targets Energy and Food Sectors
  • Under Scrutiny, Big Ag Scrambles to Address Cyber Risk
  • Security Resources Now on AWS CloudFormation Templates
  • EU to Launch Bloc-wide Rapid Response Joint Cyber Unit
  • NukeSped Copies Fileless Code from Bundlore, Leaves It Unused
  • Google Expands Open Source Vulnerabilities Database
  • Consolidate for A Secure Digital Transformation


I read a little about this NukeSped the other day, and it seems quite complex. The list above is all of the article titles linked, including this one, within the blog post.

For the full blog post and analysis, please read the article This Week in Security News June 25, 2021 for all of the highlights. Thanks again for reading!


Want to learn how cyber sleuths cracked a shimmer gang? Check this out

I’m not going to cover this in news notes because there’s a lot here, but Krebs On Security has been covering skimming and other aspects of ATM stuff for many years now on his blog.

This time, he writes how cyber cops were able to get a handle on Shimming, which I’m not too familiar with.

This type of thing, according to the article, is not that common in the United States, mainly because U.S. institutions have gotten upgrades done with their ATMs to be able to hopefully avoid this type of thing.

The article is titled How Cyber Sleuths Cracked an ATM Shimmer Gang and if this interests you, feel free to read it. I found it interesting, but at the same time, hard to really explain because I don’t really understand what is involved and what this device really is.


Do you use something called mybook?

In Sans News Bites, there is a headline about something called Mybook.

No, we’re not talking about Facebook, Myspace, MyTelespace, or anything like that.

Sans News Bites in their coverage talk about Bleeping Computer and Ars Technica covering this, and Brian Krebs links to both of these within his story on this.

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

To make matters worse, this device hasn’t been supported since 2014 according to Krebs, yet people still have them. It is supposed to be a backup device from what I can gather, but I am sure I don’t have one.

The bug, according to Krebs, was reported back in 2018 to Western Digital, and they said that since it isn’t supported, users should only have it connected locally and not on the Internet.

The CVE number assigned to this vulnerability is CVE-2018-18472 and it has taken this long for an attack to be launched on these devices.

For the full story, MyBook Users Urged to Unplug Devices from Internet should be read, or find coverage under Sans that was posted to this blog and will be posted again as part of the Security Box for this coming week. It’s unfortunate it took this long, but we can’t do anything about it if no coverage of it is made public.

I’m glad that Western Digital made something available at the time, but my question is whether they notified their customers of these devices. I guess we’ll never know.


Are free services as good as their paid counterparts? There’s an answer and more in this post

In our featured topic for this coming podcast, we explore this article by Phishlabs that talks about free VS paid services as part of their threat intelligence report.

There is quite interesting statistical information within this article. While free registration services for domains are just as comparable as their paid counterparts for example, we learn that maybe it isn’t so much. Only 23.1% of phishing sites took advantage of free services. Free registration services were abused nearly twice as much.

There’s plenty more, 62% of Phishing Sites Abuse Free Tools or Services is the article and I think you need to read it. We’ll discuss it this week.


Sans News Bites June 25, 2021, Vol. 23, Num. 050

Here is the link to Sans News Bites for June 25th 2021. It covers quite a lot, and some may even apply to you.

We have from time to time covered these newsletters on our podcast, and I really need to try and do that on a regular basis because it is very helpful.

There is an item dealing with Solar Winds, VMWARE is also listed and you may find more. Hope you find it of value.


Last Week in Security News

Hello Folks,

Last weekend was a little rough on me, so I didn’t do a lot of reading this past week. I did see “This Week in Security News” for last week, and want to get it out there for people who have not seen it.

Trend Micro gives some good articles they’ve seen throughout the landscape and puts it in to one blog post each Friday.

This Week in Security News June 18, 2021 is the article, and I hope you’ll enjoy it.

I’ll be preparing for the next program, so let me know what is on your mind.


The Security box, podcast 49: It’s time to really! keep your credentials secure, especially office 365 credentials

Hello folks,

The Security Box had a couple of very interesting topics, thanks to Krebs and Phishlabs for the articles where the topics were based from.

There were no news notes, but I’ll be sure to have plenty for next time.

Want to download the show and don’t have RSS? Go ahead and get the file (78mb) right here.

You may also go to the rss feed if you would rather do that.

Below, please find the Show notes for you which includes links to the articles we covered.



Hello folks, welcome to the Security Box. We don’t have news notes this week, however, we have two topics. We hope that news notes returns next week. This means that you, the listeners, might be giving us things you’ve read and your thoughts on it. We’ll see if that comes to pass.

Topics:

We hope you enjoy the show, and thanks so much for listening!


The Security box, podcast 48: What the hell is going on with Russia’s security practices?

Hello folks, welcome to another podcast of the security box. I’d personally like to thank Michael in Tennessee for coming on our program for this one.

We’ve got quite a lot for you today in this 2 and a half hour podcast, and I hope that you enjoy the program as much as I have bringing it together for you!

Do you not have RSS access and want a copy of the show? No problem! Here is the 134.7mb file for everyone to use as your download.

Below, please find the show notes with links to all of the stories that we have for you today.

Some of the stories we have we did not cover in full for news notes, but some may have been covered on this blog in commentary by me.


Welcome to the Security Box, podcast 48. On this edition of the podcast, we’ve got two topics for you. The first is probably one you can file in the “I can’t believe I read this crap” department, while the second deals with Windows Update and what we had to look forward to there. We’ve got news notes with quite a number of very interesting items, as well as taking your calls, voice messages and stories to boot.

Topics

News and notes from around the landscape

We may have a lot of the things listed here in articles and commentary on the blog. Feel free to check out the articles and have your voice heard.

Other Articles

Here are other articles that we’ve read but can’t cover in full in the rundown. All articles are linked.

Thanks so much for listening, and do leave those comments!


Please leave comments via email/imessage/text or call 602-887-5198. Thanks again for all your support!

Again, Download TSB048_2021-06-16.mp3 from SendSpace if you do not have RSS capabilities.


Rockyou gets hammered, not once, but twice … Better sit down for this one

Apparently, this is not the first go around for a company or entity called Rock You. This LastPass article titled RockYou2021 Breach: How to Keep Your Data Secure Now is actually the last item in this week’s official news notes.

Here’s what we know. We know that potentially 8.4 billion passwords in a 100GB text file were posted online to a hacker forum by an anonymous source.

The name apparently comes from the 2009 hack which first exposed 32 million passwords.

The article indicates that the global online population is 4.7 billion people, and the 8.4 billion is almost double this amount.

This is nothing to sneeze at. This may be the biggest dump in today’s history we’ve ever seen to date. I personally almost fell out of my chair when I heard this.

You can do something about this right now. The first thing you should do is keep up with your password habits. There are three bullet points to this.

  • Never reuse your passwords: This includes never reusing your LastPass Master Password! Using the same password for multiple accounts means that if a hacker ever got hold of just one password, that one password would open several doors to your personal data. Use a unique password for every online presence you have.  
  • Use strong, complex passwords: An easy to remember (weak) password translates into an easy to crack password for hackers online. Always create strong, complex passwords for each of your accounts. 
  • Update your passwords: Keep hackers out of your personal data by regularly updating your credentials. Hackers may want to continuously access your account after a breach, and resetting your password can shut the door on compromised data in the future.  

I need to get better at doing item 3. With most people not doing much of anything, most of my passwords are strong, although I have a few passwords that I’ve used on multiple sites. I’ve not done that in most cases, and I’ve tried my best to stop that habit.

Do you use a password manager that has an option for dark web monitoring alerts? This is another tip given by LastPass. It can alert you if something goes awry. It monitors your email addresses within a list of breach credentials and alerts you via email or within the LastPass dashboard. No password hashes are ever shared, but the notice of an email address finding may be crucial.

The next tip is multi-factor authentication. We’ve covered this through the technology and security box podcasts time and time again. This can’t be stressed enough! Let’s try to do our best when it comes to doing this, because our life now depends on it!

MFA requires additional information beyond a username and password to grant access. A user can more rigorously prove that they are the person they claim to be by supplying two or more “factors” — like a fingerprint and use of a trusted device.  

There are lots of links within this article, so go and read the full article to get the most out of it and link to things of value. Again, the article is titled RockYou2021 Breach: How to Keep Your Data Secure Now and please stay safe!


Reality Winner is out, what do you think?

I recently read an article mentioning that Reality Winner is now out due to good behavior. She was arrested after leaks of documents became known, and the article I’ll be referencing goes in to the case more than I will here.

Last year, the woman and her lawyer tried to get her out on compassionate release due to the COVID-19 pandemic and this was denied.

I hope that whatever issues Reality is facing in her life, she gets the treatment she so desperately needs and deserves as a human.

The article is titled Former NSA contractor Reality Winner is released from prison for good behavior and is written by Cyberscoop.

Looks like the article is short, so go check it out.


Another ransomware gang has bitten the dust, although this one seems to be mysterious

I read an article talking about another gang that disappeared, although this time, they disappeared mysteriously.

The article Burgeoning ransomware gang Avaddon appears to shut down, mysteriously was written by Cyberscoop.

According to the article, the operators left no indication of why. A tweet saying this was good news is mentioned, and I agree. If these gangs are realizing that this is a bad idea before any of their members get it by any of our potential laws now or in the future, this is a good sign.

Have you read this article by Tim Starks and if you did, what did you think?


Insurer pays not once, but twice for ransomware payments

Hello folks, I read an article titled Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive. This article was written by Tim Starks. I wonder what insurance would cost for something like this? We know health insurance is outrageously priced, what about this?

A city in California didn’t disclose a ransomware payment for more than two years after its insurer covered the cost, the city manager acknowledged amid yet another ransomware attack on the municipality.

In 2018, officials in Azusa, Calif. paid $65,000 through its insurer Chubb to free up its most vital system and used a free decryption key to unlock the others, City Manager Sergio Gonzalez said. The hackers took control of the city’s police dispatch system for more than a week in the fall that year, he said.

There’s plenty more, but we ought to find out how much this type of thing costs and if it is worth it today. Thoughts?


2.3 million of the 4 million gotten back from Colonial Pipeline payment

It’s very interesting how stories like this one come about. Krebs on Security gives us this one, and I found it quite interesting how this happens.

Usually we hear that the money is gone, the ransom is paid, and that is the end of it.

On May 7, the DarkSide ransomware gang sprang its attack against Colonial, which ultimately paid 75 Bitcoin (~$4.4 million) to its tormentors. The company said the attackers only hit its business IT networks — not its pipeline security and safety systems — but that it shut the pipeline down anyway as a precaution [several publications noted Colonial shut down its pipeline because its billing system was impacted, and it had no way to get paid].

So we’re learning that the business side was affected, not the pipeline side, which is great news! I know it must have been a hard decision to shut down the pipeline as a precaution because you didn’t know how far this attack could go.

There’s plenty more from Brian, so please read the article Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang for complete details.


EA Sports has gotten taken; this time, source code is in the mix

Hello folks,

Continuing to try and blog on these items we’re not going to get to in our news notes this week, EA Sports apparently got its source code pilfered.

Source code to various projects is very important to have secure, as it could be used to launch incomplete things you didn’t intend, or people can turn it in to something you never intended.

I’m not in the programming realm, but all my website code is in files backed up in Dropbox. Before that, it was on my hard drive and backed up on another one.

The article is Hackers reportedly used EA Games’ Slack to breach network, access source code, and it’s written by a new writer for Cyberscoop, Tonya Riley.

Check this one out if you’re in the gaming realm, because it could affect you in one way or another if you do this type of work.

I don’t want to quote everything I read, but want to highlight what’s out there.


JBS said that it paid $11 million ransom

We recently learned that JBS had paid an $11 million ransomware payment to ensure their data was not sold or used in any way, according to the article by Cyberscoop.

The payment is more than double the $4.4 million that Colonial Pipeline, a major fuel supplier, paid to recover its data in the wake of a separate ransomware attack.

This is rather unfortunate and unexplainable how one company paid 4 million, and the other 11 million, almost triple the amount. Data is data, and it is really interesting why this was the case.

On why they paid the Ransom, the article states: In the same company statement, Andre Nogueira, CEO of JBS’s U.S. division, said it was a “very difficult decision” for the company and for him. “However, we felt this decision had to be made to prevent any potential risk for our customers,” he said.

We don’t really know what was taken, and of course the risk of double extortion is possible with both but we haven’t heard anything about that.

There are plenty of links in the story to various things, so why not check out Meat supplier JBS says it paid $11 million ransom to keep attackers from stealing data for all of the details.

Thanks so much for reading!

