The Technology blog and podcast

Commentary, articles, and podcasts

Archive: June 2021

McDonald’s had a breach, but no U.S. locations have been pilfered

As far as we know and can gather from the article, McDonald’s was compromised outside the United States, in two different countries. There is nothing to indicate that U.S. franchises or company-owned restaurants were hit by the actors.

McDonald’s discloses hack of customer data in South Korea and Taiwan has the complete details of this one; you should give it a read.

Thanks for reading!

Comments (0)

Security now, podcast 823: TLS may be in trouble and there’s nothing we can do

Just saw the following via Steve Gibson for Security Now.

Steve Gibson, “TCP Confusion Attacks”
Security Now! #823 show notes: [link to notes] Browser attacks, last week’s June patchfest, TikTok’s “privacy” policy change, the amazing ANOM sting operation, a BitLocker data recovery adventure, and a worrisome “unfixable” attack on TLS!

This can’t be good; we’ll have to see what happens with TLS now.

The show’s start time is 13:30 PT, but since it is done live on TWiT Live it may be delayed; it’ll be today, though. You can also use this TWiT Live link if you want; both work.

Comments (0)

Bankrupt MoviePass does not have to pay users of their defunct service for their stupid shitty mistakes

While I’ve been looking at articles that should highlight news notes, this one keeps popping up in my head. As I wrote in my news notes, the company doesn’t have to pay for its dreaded mistakes.

Some of the mistakes include a server that lacked basic protections for personal information, continued lies about how the tickets you were paying for could be used, a price increase, and probably others I’ve not mentioned here.

The reason you won’t get restitution is that the company is bankrupt anyway, but the article does say:

The FTC will not provide restitution since the settlement comes after the company went bankrupt. The proposed consent order requires parent company Helios and Matheson Analytics, Inc. and principal executives Mitchell Lowe and Theodore Farnsworth to enact “comprehensive information security programs” for future businesses and report any data breaches.

For the full story, please view the Cyberscoop article MoviePass settles with the FTC over exposing private information, misleading consumers, and let the comment boards blow up!

Comments (0)

There is a 47 percent increase in phishing in Q1 2021, says Phishlabs

We covered the Phishing Trends report from Phishlabs on the last podcast, and there’s another article that has some highlights.

From their data, the 5 most-targeted industries are:

  1. Social Media
  2. Financial
  3. Webmail & Cloud Services
  4. Ecommerce
  5. Telecommunications

Social media is first, and I suppose we shouldn’t be surprised by this, because it is heavily used by quite a number of people. The actors know this, and they’ll stop at nothing to get their attacks out there, which includes pointing people to things using platforms like Twitter and Facebook as their starting point.

According to this article, more than half of the accounts are fraudulent.

Of the phish targeting the social media industry in Q1, 21% targeted messaging apps. This allowed threat actors to connect with potential victims in real time, giving the impression that the communication was legitimate. Believing they are interacting with a benign individual, victims are more inclined to perform requested tasks such as clicking a link or divulging sensitive information.  

Also according to the article, single sign-on may be part of the problem now, as you have one set of credentials for everything, but productivity-wise it is better to have something like it. There are links within the article that cover lots of these things.

There are other aspects of this article that I found of interest too.

The Financial sector has been hit hard, and the 5 types of financial institutions included:

  1. National Banks
  2. Payment Services
  3. Credit Unions
  4. Regional/Community Banks
  5. Brokerage/Investments

There’s definitely more, including cryptocurrency accounts, which are also an attractive target.

Again, the article is titled 47% Phishing Increase in Q1, and it’s well worth the read. Thanks so much for reading!

Comments (0)

Unpatched vulnerability in Samsung phones could let hackers read your messages

Samsung has some flaws I think people need to know about. Find the details in the article quoted and linked below. This is serious; make sure you have the latest updates.

Samsung has been made aware of issues that could give hackers access to SMS messages and arbitrary files.

Source: Unpatched vulnerability in Samsung phones could let hackers read your messages

Comments (0)

TikTok will not be banned, has been held up in court

As we know, President Trump, when he was in office, had issued an order banning TikTok from running in the United States because of the potential issues it had.

Apparently, they have been known for violating COPPA rules, but that is on them, not us.

The article I read recently, titled Biden revokes TikTok ban, issues new guidance for evaluating foreign apps, goes into the details of what is going on. It talks about the order and what it hopes to accomplish for all involved; let’s see what happens.

Leave your thoughts on what you think it’ll accomplish after you read the article.

Comments (0)

iConstituent is the next victim in ransomware

This week, we learn about iConstituent, a service lawmakers use to communicate with voters. An article over at Cyberscoop titled Ransomware hits iConstituent, a service lawmakers use to communicate with voters talks about what happened as they knew it at the time.

iConstituent boasts that its software “supports millions of digital interactions between people and their governments each year.” It was unclear Tuesday morning how broadly the incident would impact House legislators’ communication with constituents.

The Washington-based firm did not immediately respond to a request for comment. The news outlet Punchbowl was first to report on the incident.

I’ve recently gotten text messages about voting for some people, and I’m not even a registered voter. I don’t remember now where they came from, but I never signed up for such services, and I’ve written “stop” to all of these numbers that tell me to vote for some person or another.

I’m not sure if that is the same service or not, but people who add bunches of numbers and send out blasts of text messages using a service like this should be told that they can’t do that. Services like this should be used for legitimate purposes, and the fact they’ve been breached is a sad state of affairs.

This news broke hours before we found out that Colonial Pipeline paid 4 million dollars in ransom to their attackers and that 2.3 million of that was recovered by the Department of Justice.

There’s lots more to read here. Ransomware hits iConstituent, a service lawmakers use to communicate with voters is the article once again, so feel free to read it. Lots of links throughout.

Comments (0)

This is not a drill: VMware vuln with 9.8 severity rating is under attack

I guess I’m not surprised to find out that this is out on the loose. There’s a quote with the link to the article; I’m not sure exactly how else to cover this. I hope you find it of interest, and it isn’t too late. The article was posted on the 4th.

Code execution flaw in vCenter is exploited to install web shell on unpatched machines.

Source: This is not a drill: VMware vuln with 9.8 severity rating is under attack

Comments (0)

Finally got to read this one: ISPs charge too much, and I agree with this article linked

Hello folks,

Michael in Tennessee sent me this article titled ISPs claim broadband prices aren’t too high—Biden admin isn’t buying it from Ars Technica.

My story is this. While I started at my current location at $50 for the first year, I now pay $63 for the same service. I’ve not bothered to change because the cable companies want to charge me $5 just for Wi-Fi. What I get includes Wi-Fi, and I have stuff connected already, so there isn’t any reason for the moment to change.

I’m going on my third year at this location, and when I saw that AT&T charged me $63 I called to ask. I never get a bill notification, so I don’t know when the bill is ready. The rep said that the price went up $3.

After my first year, the price went from $50 to $60. That’s now $13 higher in two years. It’s definitely gone up, and I hope it doesn’t go up much more, or I’ll have to tell them I can get it cheaper. Even paying the $49.95 is cheaper, but they advertise at $44.95 plus $5 for Wi-Fi. That turned me off.

I think this article should be read, it is definitely worth the discussion. How much has your internet gone up since you started paying for it? Let’s discuss!

Comments (0)

One hacking tool, Trickbot, was built on old malware code

We know that Trickbot, the pervasive malware that targeted tons of different agencies for many years, is probably now among the dying, as its code writer is probably done for thanks to a recent arrest we covered as part of last week’s notes and also covered on the blog.

Today’s article is entitled: Trickbot indictment demonstrates how one hacking tool built on older malware which comes from Cyberscoop.

The story starts with a film company that was affiliated with the scammers who built Dyre. This is the first time I’ve heard of Dyre, but we do know that Trend Micro and other publications covered Trickbot like their life depended on it.

I would too, if the malware was built in such a way that it caused lots of havoc, and I may have covered my thoughts on some of the articles in the past. You can search the blog, and see if we have or not, that’s the beauty of having a blog, isn’t it?

According to the article, the Dyre perpetrators were never formally charged, but it says that Dyre was a banking trojan. This means that it waited for you to go to your bank’s site and then stole your credentials as you entered them into the official site. Crooks then went in using your credentials and cleaned you out. The bank said that it was authorized because it was authenticated, even though it was not you.

Getting your money back in these instances was hard, because the bank saw your account logged in, and it was their word versus yours.

After Dyre supposedly died, Trickbot was born, and it pretty much did the same thing.

The episode exemplifies how cybercriminal groups can evolve and, drawing on old hacking tools, haunt U.S. organizations for years to come. And, as Joe Biden prepares to press Vladimir Putin on Russia-based ransomware gangs, the Dyre-TrickBot evolution offers another example of the long tail of lax law enforcement in Russia.

While I see and understand the president of Russia’s position, the fact is, the actors who are supposedly in Russia are violating the law elsewhere, and Russia must help apprehend these actors to show that “crime does not pay.” The fact is, Russia is relaxed: there aren’t laws broken there, so we don’t care if they cause millions of dollars in damage elsewhere, it isn’t our problem. That’s what they are saying, and I don’t need to put that in quotes because it can be left up for interpretation.

There are lots of links within this article, so please feel free to go and read this if you’re interested in the story behind this massive piece of malware which is more than likely done now.

Again, the article is titled Trickbot indictment demonstrates how one hacking tool built on older malware so feel free to comment on this one for any podcast you wish, or even discuss it on the blog. The boards await you!

Comments (0)

This week in security news, week ending June 11, 2021

There’s lots in the news this week, and lots dealing with the Ransomware issue that we all need to be aware of.

Just in the list from Trend Micro alone for their digest, there are a lot of news stories dealing with ransomware, and with good reason. It is now one of the biggest problems, besides phishing, that we have to deal with. It makes administrators’ jobs quite difficult, especially when some may not have seen these types of things.

I’d love to see what an email looks like that would contain ransomware without the ransomware of course.

In no way am I asking people to send it to me, because our systems could block it which is good, but I do want to see what it looks like so I can be aware of what to look for as a user, and a teacher.

This Week in Security News June 11, 2021 has the list of articles they have collected, and we’ll be posting stuff we’ve found that will make it into news notes for our next technology podcast, program 48 of the Security Box.

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s forward look into the lasting impact of COVID-19 on security. Also, read expert opinions on how banning ransomware payments might create new crises.

We have a webinar from the folks at SANS that asks the question. I’ve not heard it yet, but I did tape it. This ought to get interesting, as far as where I put this program once I hear it. I believe it should be heard.

Comments (0)

We’re now running on full SSL redirect, here’s what I’ve found

Michael in Indiana has asked us why we are not running on “forced redirect to SSL,” and I honestly thought that our control panel provider, cPanel, was doing it for us.

Honestly, I think they’re right to give us the choice on whether we want it or not. The bad news is that my testing shows that form submissions now arrive from my server’s IP address, which hides your IP and may not be a bad thing. I think, though, that it is my provider making a change and not an SSL issue, because one site is not SSL protected yet.

Searching Google for SSL and redirecting web sites popped up this cPanel video, which was very well described by the person who made it. I’ve turned on SSL redirect for MENVI, this site, jaredrimer.net and the mix so far.

Once I fix one of my other domains, I’ll be testing this to determine whether I can still utilize the domain for that purpose, or if I need to include other instructions.

I want to pass this along to people so they are made aware of this in case they aren’t already.

Thanks, cPanel, for giving us the opportunity to follow today’s best-practice guidelines. You guys are awesome!

Comments (0)
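To make concrete what a “forced redirect to SSL” does at the HTTP level, here is an added example that is not code from this blog or from cPanel: a small Python WSGI middleware that answers any plain-HTTP request with a 301 to the same URL on https:// and adds an HSTS header to HTTPS responses. The host example.test, the proxy address 127.0.0.1, and the X-Forwarded-Proto handling are assumptions made for the example; that header is honoured only when the request arrived from the trusted proxy, because any client can send it.

```python
"""Force-HTTPS redirect as a WSGI middleware.  Added example, not the blog's
or cPanel's own code.  Assumptions (constructed for this example): the app may
sit behind a reverse proxy at TRUSTED_PROXIES that sets X-Forwarded-Proto, and
only requests delivered by that proxy may use the header to claim HTTPS."""
from urllib.parse import quote

TRUSTED_PROXIES = {"127.0.0.1"}   # assumed reverse-proxy address
HSTS_MAX_AGE = 31536000           # one year, in seconds


def effective_scheme(environ):
    """Decide whether the original client request was HTTPS.
    X-Forwarded-Proto is an ordinary request header any client can forge, so
    it counts only when the hop that delivered the request is a trusted proxy;
    otherwise the scheme the server itself saw is used."""
    if environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "")
        if forwarded:
            return forwarded.split(",")[0].strip().lower()
    return environ.get("wsgi.url_scheme", "http")


def https_location(environ):
    """Build the https:// URL for the same host, path and query string."""
    host = environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "")
    path = quote(environ.get("PATH_INFO", "/") or "/")
    query = environ.get("QUERY_STRING", "")
    url = f"https://{host}{path}"
    return f"{url}?{query}" if query else url


def force_https(app):
    """Wrap `app`: plain-HTTP requests get a 301 to the HTTPS URL; HTTPS
    responses gain an HSTS header so browsers stop trying http:// at all."""
    def middleware(environ, start_response):
        if effective_scheme(environ) != "https":
            start_response("301 Moved Permanently",
                           [("Location", https_location(environ)),
                            ("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", "0")])
            return [b""]

        def hsts_start_response(status, headers, exc_info=None):
            headers = list(headers) + [
                ("Strict-Transport-Security", f"max-age={HSTS_MAX_AGE}")]
            return start_response(status, headers, exc_info)
        return app(environ, hsts_start_response)
    return middleware


def hello_app(environ, start_response):
    """Minimal application used to exercise the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [b"hello over TLS\n"]


def run_request(environ):
    """Drive the wrapped app with a constructed WSGI environ and return
    (status, headers dict, body) so the redirect decision can be inspected."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)
    body = b"".join(force_https(hello_app)(environ, start_response))
    return captured["status"], captured["headers"], body


def make_environ(scheme, remote_addr, forwarded_proto=None,
                 path="/contact.cgi", query=""):
    """Constructed request environ; example.test is a placeholder host."""
    env = {"wsgi.url_scheme": scheme, "REMOTE_ADDR": remote_addr,
           "HTTP_HOST": "example.test", "PATH_INFO": path, "QUERY_STRING": query}
    if forwarded_proto is not None:
        env["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return env


if __name__ == "__main__":
    for env in (make_environ("http", "203.0.113.9"),
                make_environ("http", "203.0.113.9", forwarded_proto="https"),
                make_environ("http", "127.0.0.1", forwarded_proto="https"),
                make_environ("https", "203.0.113.9")):
        status, headers, _ = run_request(env)
        print(status, headers.get("Location", "-"),
              headers.get("Strict-Transport-Security", "-"))
```

The second request in the usage loop is the one worth noticing: a direct client sending X-Forwarded-Proto: https is still redirected, because only the trusted proxy is allowed to vouch for the original scheme. A hosting control panel’s redirect toggle is doing the same job in the web server’s configuration; this just shows the decision in plain code.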

It’s time for Patch Tuesday: 50 vulnerabilities this month and some good news to share this time

Hello folks, and welcome to Patch Tuesday week; I think we’ve got some excellent news coming out of Redmond this week.

First, Krebs and Trend Micro are both reporting that Internet Explorer will be retiring this month on June 15th. If you’re still using IE, it’s time to change, because it won’t be supported any longer.

More good news is that we only have 50 patches across the variety of Microsoft software to fix, 6 of which are being exploited now, and several reported through the ZDI program.

CVE-2021-31985 and CVE-2021-31978 were the two vulnerabilities reported; at least one affects Defender.

Want to read the entire article on what’s new? There are two to choose from, so please pick the one you want.

Want to comment? Feel free.

Comments (0)

The Security box, podcast 47: Security is our theme with lots of stuff in regards to it

Download TSB047_2021-06-09.mp3 from SendSpace

Above is the link to today’s program, which we started a little earlier than usual to accommodate an appointment today, which worked out for me. While we had no comments, that is OK; you’re welcome to contact me any time. The file is 89.1 MB.

Here are the show notes for everyone to read, with links to the stuff we covered.

See you next week!


Welcome to the security box, podcast 47. On this podcast, we’re going to talk about security. A video which I found on TED Talks’ YouTube channel will lead this discussion. We’re also going to talk about an article from LastPass about protecting your business from data breach trends. It talks about something we’ve talked about, supply chain attacks. Speaking of supply chain attacks, Jennifer talks about our top story from our show notes, and we’ll address any concerns from that as well. We’ll have news, notes, questions, comments and more. Want to leave a message by phone? Call 602-887-5198 to do so. Thanks so much for listening!

Topics

News Notes

  • FBI blames REvil gang for JBS ransomware hack as global meat supplier gets back to work Cyberscoop
  • Fujifilm shuts down computer systems following apparent ransomware intrusion Cyberscoop
  • Vulnerability in VMware product has severity rating of 9.8 out of 10 Ars Technica
  • Q1 2021 Threat Trends & Intelligence Report Phishlabs
  • Latvian national charged with writing notorious Trickbot malware
  • Tokyo Olympics organizers’ data swept up in Fujitsu hack: report Cyberscoop
  • SIM swapping victim alleges T-Mobile failed to stop $20,000 cryptocurrency scam Cyberscoop

Comments (0)

Don’t Click! This definitely looks like a scam, asking for credit card or payment info

Check this one out. The blog will put the URL as a clickable link; don’t click or press enter on the link.

Are you kidding me? I clicked to look, and it asks for a name and payment information such as a credit card or debit card. This has got to be a scam. The fact they’re sending it from one of my network’s IP addresses is full of it too. I contacted the provider about it, but they were asking about what code I was running and whether I have a captcha, which I don’t. I tried to implement one, but it didn’t go far.

Here you all go. Don’t click! They used HTML, and the blog will put it in a clickable link.

Below is the result of your feedback form. It was submitted by () on Wednesday, June 09, 2021 at 18:43:35

Name: Marcoplusa
phone: 89457248477
contact_method: both E-mail and phone
bug: no
additional_bug_info: You received a money transfer of $ 89.44! PREPAYMENT! To receive funds, go to the payment page
Detail: Official bank site/url] Official bank site Official bank site
comment_or_question: You received a money transfer of $ 89.44! PREPAYMENT! To receive funds, go to the payment page
Detail: Official bank site/url] Official bank site Official bank site

submit: Submit comment or question to the Jared Rimer Network

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Edg/83.0.478.37
REMOTE_ADDR: 198.37.123.246

Comments (0)
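As an added example (not the blog’s own feedback-form script), the Python below scores a submission like the one above on the signals visible in it: the same lure text pasted into every free-text field, payment-lure phrases, leftover BBCode [url] markup, highly repetitive wording, and a dollar amount in a support form. The two records are constructed for the example, one modelled on the scam submission and one benign; the weights and the threshold are assumptions.

```python
"""Heuristic spam scoring for feedback-form submissions.  Added example, not
the blog's own form handler; the weights and threshold are assumptions."""
import re

# Constructed records.  SCAM mirrors the fields of the submission quoted
# above; BENIGN is a made-up ordinary bug report for comparison.
LURE_TEXT = ("You received a money transfer of $ 89.44! PREPAYMENT! To receive "
             "funds, go to the payment page Detail: Official bank site/url] "
             "Official bank site Official bank site")
SCAM = {"Name": "Marcoplusa", "phone": "89457248477", "bug": "no",
        "additional_bug_info": LURE_TEXT, "comment_or_question": LURE_TEXT}
BENIGN = {"Name": "Pat Example", "phone": "5551234567", "bug": "yes",
          "additional_bug_info": "no",
          "comment_or_question": "The RSS link on the podcast page gives a "
                                 "404 for episode 47."}

TEXT_FIELDS = ("additional_bug_info", "comment_or_question")
LURE_PHRASES = re.compile(
    r"\b(money transfer|prepayment|receive funds|payment page|official bank)\b",
    re.I)
BBCODE_RESIDUE = re.compile(r"\[/?url[^\]]*\]|/url\]", re.I)  # forum-markup leftovers
RAW_URL = re.compile(r"https?://\S+", re.I)
DOLLAR_AMOUNT = re.compile(r"\$\s?\d")

# Assumed weights: lure phrases are the strongest single signal.
WEIGHTS = {"identical_fields": 1, "lure_phrases": 2, "bbcode_residue": 1,
           "raw_url": 1, "repetitive_text": 1, "dollar_amount": 1}
SPAM_THRESHOLD = 4


def score_submission(rec):
    """Return (score, signals) for one form record.  `signals` names the
    checks that fired; the score is their weighted sum."""
    texts = [rec.get(field, "").strip() for field in TEXT_FIELDS]
    joined = " ".join(texts)
    fired = []

    # A bot template usually pastes the same payload into every free-text field.
    filled = [t for t in texts if t]
    if len(filled) > 1 and len(set(filled)) == 1:
        fired.append("identical_fields")
    if LURE_PHRASES.search(joined):
        fired.append("lure_phrases")
    if BBCODE_RESIDUE.search(joined):
        fired.append("bbcode_residue")
    if RAW_URL.search(joined):
        fired.append("raw_url")
    # Low vocabulary-to-length ratio: the same few words repeated over and over.
    words = joined.lower().split()
    if len(words) >= 8 and len(set(words)) / len(words) < 0.6:
        fired.append("repetitive_text")
    if DOLLAR_AMOUNT.search(joined):
        fired.append("dollar_amount")

    return sum(WEIGHTS[s] for s in fired), fired


def is_spam(rec):
    """True when the weighted score reaches the assumed threshold."""
    return score_submission(rec)[0] >= SPAM_THRESHOLD


if __name__ == "__main__":
    for label, rec in (("scam", SCAM), ("benign", BENIGN)):
        score, fired = score_submission(rec)
        print(f"{label}: score={score} spam={is_spam(rec)} signals={fired}")
```

The content checks carry the load here on purpose: as the SSL-redirect post on this page notes, submissions now arrive from the server’s own IP address, so REMOTE_ADDR is no longer a useful signal for this form, and a captcha was not in place. A hit on one weak signal alone (a dollar amount, say) stays under the threshold, so a genuine question about a price does not get thrown away.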

podcasts and rss

Hi.
This started with me upgrading my browser from old Waterfox, which has had issues lately, back to Firefox.
I discovered that in Chromium and Firefox, RSS just didn’t work at all.
Currently there are several options.
1. Install or get a portable version of Waterfox 20.08, or Firefox below version 64, so Firefox 52 will work.
If you use Windows, from Windows XP through to 8, of course you can use Internet Explorer.
The issue is of course that Microsoft is retiring Internet Explorer next year, so no dice with that.
We will cover the addons I use.
Note, this does not cover RSS feeds for subscription.
If you have Chrome you may use this.
https://chrome.google.com/webstore/detail/rss-subscription-extensio/nlbjncdgjeocebhnmkbbbdekmmmcbfjd?hl=en
or this
https://chrome.google.com/webstore/detail/rss-feed-reader/pnjaodmkngahhkoihejjehlcdlnohgmp?hl=en
Just add to Chrome as you would an extension, by selecting add to Chrome and the add to Chrome button that will pop up, then close and reopen your RSS.
This is Shoyu RSS and Atom preview,
pronounced “show you” RSS and Atom preview.
The link is this.
https://chrome.google.com/webstore/detail/shoyu-rssatom-feed-previe/ilicaedjojicckapfpfdoakbehjpfkah?hl=en

A note on this addon.
After adding this in Chrome/Edge/Brave/whatever other RSS you have, your feed will open in a new tab.
When you close the tab it will leave a spare window which you must close.
I don’t know why it does that, but it works.
For Firefox,
go to addons.mozilla.org and search for rss, then I want my RSS.
Link is
https://addons.mozilla.org/en-GB/firefox/addon/want-my-rss/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search
I want my RSS does what it says: it will actually display the RSS as you are used to, in the same window, and it will work.
To add an extension to Firefox, select the add to Firefox link somewhere on the page, under the addon heading, then hit alt a several times till a checkbox for private windows appears, check or uncheck as you want, then hit ok, then close and reopen.
Small note.
These are not RSS apps; this tutorial doesn’t cover RSS readers, news aggregators, or podcatchers.
This is simply to restore the lost functionality for reviewing feeds.
I don’t subscribe to feeds or casts; rather, I download individual files.
In the case of Chromium this will render the RSS feed as a standard webpage and not a pile of junk.
With Firefox you won’t be needing to download and save the RSS file or anything like that.
To be honest I don’t understand why the removal, but oh well, that’s progress I guess.

On the subject of articles, I have been reading a lot of them over the week.
Like a lot of places, the local hospital, or rather one of the country’s health services, got ransomwared.
The person that got this on their system clicked a link in an email.
We can assume this person was probably expecting something rather than being dumb and clicking in error, because this trick is as old as the hills.
Systems are still being restored, but it’s not that easy.

In other news, using an app and taking down encrypted networks, the FBI was able to arrest several gangsters and bust several gangs worldwide, which is a win.
Sadly, as is the case, there is probably another attack vector out there.
No panic just yet, but now the FBI has an app to handle the encrypted networks, it means that everyone’s network could potentially be gotten into.
The method, or rather idea, is now live, and the FBI can’t really stop someone else using the same concept to get control of who knows what.
Last night a glitch appears to have caused a lot of the net to shut down for an hour due to an issue with a large cloud provider, though they are not saying anything.

I will continue to read things.
Please note, when adding posts the latest WordPress puts it in a category called general updates and announcements.
Please uncheck this, because if you don’t, the post will not appear at all.
On another small note, if you are a sighted reader please check if the mobile view works; I did doodle with the theme today and it looks ok, but either WordPress or the current theme we have.
Currently there are reports of small letters and elements too close, though there was another issue last year.
I assume it just works, but oh well.

Please note, if you notice doubled letters my keyboard probably needs cleaning.
I haven’t done it yet, but it’s something I need to try to actually do.

Comments (0)

WWDC was yesterday

Yesterday, I caught the last hour of the WWDC coverage. Partially, I forgot, but then I remembered a webinar I wanted to attend, which I taped to listen to as I got into other things instead of listening to that.

AppleVis has the coverage in a great blog post called Summary of Apple’s 2021 Worldwide Developers Conference Keynote Presentation, and I hope it is of value to you.

If you watched it, what did you find of interest?

Comments (0)

Russia wants you to have a random number generator installed to have secure communication

I think I’m going to file this under the “I can’t believe I read this crap” department.

I honestly think it’s time that we figure out how to block out Russia after reading today’s Krebs article, entitled Adventures in Contacting the Russian FSB, which I just found absolutely appalling.

It’s common practice now to find a majority of web sites under the secure protocol known as HTTPS. I discussed the Q1 2021 Threat Trends & Intelligence Report, which we’ll be talking about on the coming podcast, with someone I work with at Los Angeles Metro.

With that report out of the way, and the article from Krebs, I wonder what you think? Russia basically wants you to install a generator, which they say to remove once you’re done, and this is the only way to communicate with them directly and securely. According to Brian, they also now have a Tor version of their site which doesn’t have you download anything, and this is supposed to be the government.

Visit the FSB’s website and you might notice its web address starts with http:// instead of https://, meaning the site is not using an encryption certificate. In practical terms, any information shared between the visitor and the website is sent in plain text and will be visible to anyone who has access to that traffic.

There’s tons of linked stuff here, but this has got to be the most interesting article I’ve read in quite a while. Not that I find articles I read boring, because I subscribe to the source, but this one has got to be quite interesting. Guess I won’t be contacting Russian authorities for anything if I ever needed to. What a joke!

Comments (0)

Tech podcast 360: The Anatomy of an attack

It’s been some time since we’ve released a tech podcast, but it’s time.

Here is the 66.6 MB file for you to get if you don’t want RSS.

I hope to bring more podcasts out; I really need to do it. Here are the show notes for you to read.

The Anatomy of an attack has been around for quite a while. I think it’s from within the last couple of years, and I think it is quite important now more than ever. I talk about what has happened with our staple of the box, and how it was an inbound call that started it, but that’s not traditionally the case. Listen to this hour-long webinar and let’s talk.

Comments (0)

The Zero Day Initiative wins top dog again

I’m not sure if we’ve covered this, but in case we didn’t, Trend Micro has an article about their accomplishment of topping vulnerability disclosures again. The article is titled ZDI Tops Omdia Vulnerability Disclosures Again, and it was an interesting find.

Of 11 vendors, ZDI disclosed 60.5% of the bugs in 2020. This continued leadership has ensured our customers have the best vulnerability research in the industry backing them up against the use of exploits in attacks coming from malicious actors.

This is important, as this forces companies to fix their software, and 65 percent is pretty good.

Digging deeper into the reported vulnerabilities, the ZDI bug bounty program also disclosed the most vulnerabilities in every severity level, critical, high, medium and low.

This means that vendors should be fixing them, even though some may not be so bad. With Trend Micro being the leader in this field to date, they’ve got the knowledge to get stuff done.

The article goes into a bunch of detail on what was found in the report, so check it out.

Comments (0)
