The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
PlugwalkJoe plugged people … 1 person at a time in different ways, now arrested
I did the show notes for this article titled PlugwalkJoe Does the Perp Walk and I have been trying to figure out how to write this in a friendly article for the blog.
While his arrest is well covered, the article linked goes in to a lot of detail in regards to Sim Swapping cases, threats on rape and murder of a 16-year-old girl and her family, bomb threats, and more.
This will be discussed on the Security Box, this week, stay tuned as I think the phone lines will light up.
Sans News Bites: July 30, 2021 Vol. 23, Num. 059
Here is Sans News Bites for July 30, 2021. Guess I should look at WordPress and see if I need to give it a nudge so that it can get the latest manager unless Shaun has already done that. There’s other stuff too, if you’re interested, please feel free to read it and see if anything applies to you.
Sans News Bites July 27, 2021 Vol. 23, Num. 058
This Newsletter covers quite a number of things including IOS 14.7.1, Windows has another problem mainly in server versions, the No More Ransomware project and more.
Here is a link to the newsletter for those who want to read it.
A Family of Fraud gets busted
Another item that was covered in news notes dealt with a fraud family ring. This is a very interesting story because one of the suspects is 15 years of age.
The 15-year-old was responsible for selling, while a 24-year-old wrote the code. Dutch police are taking after the United Kingdom and trying to train teen hackers not to utilize their skills for hacking. I do hope that this works out for them because prison should probably be the last resort in my opinion.
The article is Dutch police bust alleged ‘Fraud Family’ phishing service members and it was a good one. Hopefully they learn.
Kaseya gets a decryption key
We don’t know exactly how Kaseya got their decryption key, but they better count themselves lucky. In fact, Revil from what we can tell and learn, didn’t get paid either by their affiliate or the main operators to boot.
It seems as though Revil may not be done yet, as I spotted an article talking about a different name, and if that is the case, we’re in for a long ride.
For now, Kaseya obtains decryption key for victims of massive ransomware attack should be read, and is worth the read. It’s interesting news we have in regards to this and I don’t think it’ll be the end of whatever the gang wants to call themselves now.
News Notes for podcast 54 has highlights from this article, so check out the podcast for complete details unless you want to read the article.
Spam Kingpin gets time served
Hello folks,
While the podcast is out now, and show notes are up as well, I still want to write about the items I have and this one is talking about a Spam Kingpin that is getting off with time served.
The Gentleman is originally from St. Petersburg, Russia. According to the article, he was a pivotal person in the cybercrime industry, he was able to keep track of people and rent out his botnet for hundreds of dollars depending on the job you wanted.
Peter created some of the nastiest things out for its time including the storm worm, the Waledac botnet and the Kelihos botnet as well. Each of these are links within the article so you can learn about each of these.
He also ran affiliate programs which paid other cybercriminals as well.
According to the article, he’s got a family, and hopefully time served will be enough. Brian Krebs goes in to a lot more detail on everything, so if this interests you, then go and check out his article.
The article is titled Spam Kingpin Peter Levashov Gets Time Served so go check it out.
The Security box, podcast 54: Scammers Will Stop At Nothing
This is the link to the Security Box which is 125.1mb. While there were no calls today, that’s OK. I covered everything I wanted to, even going back to something we didn’t really cover in great detail as part of trying to solve overall security things like not having necessary addresses on domains if you don’t need them.
DKIM can also play a part, and while I ran over the beginning of what DKIM is, and we covered it briefly as part of podcast 37, I talk about an email which failed DKIM but yet some systems will deliver it.
I believe I know why we deliver it, which I didn’t cover only because DKIM is not implemented the same everywhere, so email ended up getting lost in the process.
Below, please find the show notes, and thanks for reading!
Hello Everyone! Welcome to podcast 54 of the Security Box. On this edition of the program, learn about Windows 11, the latest Microsoft operating system and what scammers are doing to monetize even while this version is still in beta. Next, come with us and learn about the latest in the average ransomware payments as it looks like they are declining, for now. We’ll have news, notes, hopefully calls with questions or discussion throughout. If you want to leave feedback and you’re listening through the podcast, call 602-887-5198 or email, iMessage, WhatsApp, or text your thoughts. The lines of communication are given throughout and I welcome what you have to say.
Topics
Here are the topics for today’s program.
- Scammers are using fake Microsoft 11 installers to spread malware
- Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says Cyberscoop
Sans News Bites
Here are links to Sans News Bites, a newsletter by Sans Institute. While we may cover some of the items in these newsletters, you should read these to determine if something affects you.
- Sans News Bites for June 20, 2021 Sans News Bites
- Sans News bites for July 23, 2021 Sans Institute
News that have been read from around the web
The following is news that has been read from around the web. Some may be blogged, some may not have been blogged.
- Serial Swatter Who Caused Death Gets Five Years in Prison Krebs on Security
- Spam Kingpin Peter Levashov Gets Time Served Krebs On Security
- Dutch police bust alleged ‘Fraud Family’ phishing service members Cyberscoop
- Kaseya obtains decryption key for victims of massive ransomware attack Cyberscoop
- An explosive spyware report shows limits of iOS, Android security Ars Technica
We hope you enjoy the program as much as we have bringing it together for you!
Serial Swatter only getting 5 years
While writing up news notes for the security box podcast, I just couldn’t get mad at this article. It isn’t Brian’s fault I’m mad, he’s just the reporter. He did a great job in covering this case, and it is quite complicated.
The article is titled Serial Swatter Who Caused Death Gets Five Years in Prison and as I said, it made me mad.
An 18-year-old and his co-conspirator decided to harass various victims including a 60 year old man who died after a heart attack because police and swat teams were at his home thanks to these people. Not only that, but other people are mentioned in this article that have had dealings with the same people.
Shane Sonderman, of Lauderdale County, Tenn. admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targets into giving up their valuable Twitter and Instagram usernames.
At Sonderman’s sentencing hearing today, prosecutors told the court the defendant and his co-conspirators would text and call targets and their families, posting their personal information online and sending them pizzas and other deliveries of food as a harassment technique.
Other victims of the group told prosecutors their tormentors further harassed them by making false reports of child abuse to social services local to the target’s area, and false reports in the target’s name to local suicide prevention hotlines.
Eventually, when subjects of their harassment refused to sell or give up their Twitter and Instagram usernames, Sonderman and others would swat their targets — or make a false report to authorities in the target’s name with the intention of sending a heavily armed police response to that person’s address.
…
Unable to disengage a lock on his back fence, Herring was instructed to somehow climb over the fence with his hands up.
“He was starting to get more upset,” Billings recalled. “He said, ‘I’m a 60-year-old fat man and I can’t do that.’”
Billings said Mr. Herring then offered to crawl under a gap in the fence, but when he did so and stood up, he collapsed of a heart attack. Herring died at a nearby hospital soon after.
The last paragraph is important, as this poor guy tried to comply and died because of what these clowns did.
There is also a woman that was also targeted because of her two-letter name registered on social media. She decided to use the letters of her name, VD as her username. Not only was she harassed, but a bomb threat was made among other things.
According to the article, the suspect has a confirmed condition of bipolar disorder, and a statement read to the court mentioned this and an addiction to drugs that were psychiatric in nature. The judge sentenced him to the maximum by law, but I wonder if this isn’t enough? Sure, he has medical conditions, and I could make sure he is segregated from the rest of the public because of his condition, we need to send a message that this type of thing is not to be tolerated. Take the case, and any medical conditions and make a case on sentencing where appropriate. Thoughts? Read the full article titled Serial Swatter Who Caused Death Gets Five Years in Prison for all of the details.
An explosive spyware report shows limits of iOS, Android security
Michael in Tennessee sent this to me, it’s worth the read. That is why we need to install our updates when there are some, and keep our guard up.
Amnesty International sheds alarming light on an NSO Group surveillance tool.
Source: An explosive spyware report shows limits of iOS, Android security
Sans News bites for July 20, 2021
In the better late than never department, Here’s Sans News bites for July 20, 2021. I didn’t get this in to last week’s security box, and I’m going to try and get better on making sure that we get all of these.
There is plenty including the older news that REvil had potentially gone dark, and we know now that that is the case. If you need this newsletter issue, go and get it now.
Ransomware payments went down 38 percent in Q2 of 2021
I’m surprised that Phishlabs didn’t write up this article, but Cyberscoop did and they did a great job. There are some very interesting stats within this article, but there are also lots of items linked in here.
Maybe I should say that there are some stats, but Phishlabs really breaks it down which is why I like their analysis much better.
So, … Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says is the article from Cyberscoop and I hope you guys read it. This is the second topic of this week’s program and yes … I quoted some stuff as it is worth quoting.
Please feel free to comment if you found this article of interest.
Scammers aren’t done, Microsoft Windows 11 is targeted
In a very interesting article I read and will be one of two topics for this next week’s Security Box, Scammers are targeting Microsoft Windows 11.
Granted, 11 was announced in June, and an Insider build was released shortly after, but scammers know what people want. When searching out Windows 11, you can get something that could be annoying, or even as bad as a trojan or a password stealer. Microsoft has a lot to worry about, and several items are mentioned within this article.
Better have your guard up, Scammers are using fake Microsoft 11 installers to spread malware is the article, and it’s also going to be linked in our show notes for discussion.
Sans News bites for July 23, 2021
Hello folks,
Friday’s newsletter is out, and I urge everyone to take a listen to it by reading the article, if you read by access technology, or read it with your eyes. Some of the items may be of importance to you, and I want you to have access.
Here is the link to this newsletter for you to have.
It covers IOS 14.7 which is available now and has been for several days. I’m surprised that the Pegasus software which the tech podcast has covered for quite some time, IOS does have fixes we need to go and have applied.
Better get your game on. Maybe it’s time this evening that I take my phone offline to do the update. An hour is worth the time it may take to get as secure as possible. Thanks so much for reading!
The Security box, podcast 53: Better Get Your Windows Update on … especially if you print
Hello folks,
This is the link to podcast 53 for you to freely download. We had trouble with what I thought would be a simple process of merging calls, but Skype broke it. It is 184.1mb in size.
Here are the show notes for this week’s program.
Hello everyone, welcome to the security box, podcast 53. On this edition, we’ll be talking about some of the things that articles talk about in regards to Windows Update that came out the week of July 16, 2021. Seems like we had good success with last week where we opened the phone lines for others to participate in an open forum, so we’ll do that again and see what happens and if people participate or not. You can always comment after the fact by calling our voice mail line at 602-887-5198 and letting me know you want your comments aired. We’ll also have some news notes and maybe a discussion on those as well.
Windows Update
Here are the articles that deal with Windows Update. One is by Trend Micro and one is done by Brian Krebs from Krebs on Security.
- July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Trend Micro
- Microsoft Patch Tuesday, July 2021 Edition Krebs on Security
Sans News bites
- Sans News bites for July 15, 2021 Sans Institute
News Notes from around the web
- REvil ransomware gang sites go dark, for reasons that remain unclear Cyberscoop
- Senate confirms former White House, NSA official Jen Easterly as CISA director after delay Cyberscoop
- Facebook catches Iranian spies catfishing US military targets Ars Technica
- Morgan Stanley discloses data breach that resulted from Accellion FTA hacks Ars Technica
- SolarWinds 0-day gave Chinese hackers privileged access to customer servers Ars Technica
Thanks so much for checking out the program, and we’ll make it work. It’s all a learning curve, and we all learn how this works. Thanks again for checking out the program! We’ll see what next week’s program brings.
SolarWinds 0-day gave Chinese hackers privileged access to customer servers
Wow. This is quite interesting. Dev0322 now in the solar winds ordeal now.
Hackers IDed as DEV-0322 have a fondness for defense contractors and software-makers.
Source: SolarWinds 0-day gave Chinese hackers privileged access to customer servers
Morgan Stanley discloses data breach that resulted from Accellion FTA hacks
I can’t blame Morgan Stanley directly for this one, but another story about the file transfer application we talked about some time ago. Wow.
Financial services firm says data was stolen by exploiting flaws discovered in December.
Source: Morgan Stanley discloses data breach that resulted from Accellion FTA hacks
Facebook catches Iranian spies catfishing US military targets
Putting a new spin on cat fishing, eh? Michael in Tennessee sent me this one, and I think we should look at it. Found the article from Ars very interesting. It’s quoted and sourced below.
Hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
Source: Facebook catches Iranian spies catfishing US military targets
Ransomware attack at Comparis resulted in data breach
If people are familiar with this, better know about it. Doesn’t seem like a U.S. company, so it is good for us in the States. The post is on Twitter and it was three days old.
Last week’s ransomware attack on Swiss price comparison website Comparis resulted in a data breach.
Source: Ransomware attack at Comparis resulted in data breach
July Patch Tuesday is here, better get your patch on … especially if you print
Hello everyone, both articles from Trend Micro and Krebs on Security are similar in content this week. While Krebs mentions Adobe as he always does, both articles make sure that you are aware of several things.
- There are either 116 or 117 different patches out there.
- 15 of the patches were submitted through the Zero Day Initiative project.
- The biggest vulnerability is fixed in this week’s update dealing with printing.
- Several other CVEs are given and linked within talking about other aspects of vulnerabilities.
The Print issue
Both articles talk about CVE-2021-34527, an issue that deals with printing in Windows. An out of band patch was issued last week in regards to this vulnerability however it may have caused problems according to what I’ve read.
The vulnerability is known as PrintNightmare and there is guidance linked within Trend Micro’s article. Of course, Trend Micro talks about Microsoft Exchange and DNS servers multiplied. Krebs also has the same MSRC link for PrintNightmare and links to the others as well.
I recently rebooted after a good week and Windows prompted me to update and restart which I did.
While I don’t print, if you do, you’ll want to know about this vulnerability and others that might affect you, so give the two articles linked a read. Just click on their names to read it.
The Security box, podcast 52: The Security of our Water Supply, news notes and a very interesting robbery story to boot
Hello folks,
I don’t have a link to one of the best interesting articles I’ve found to date in a news story heard on Michael in Indiana’s local news, but boy you’ll want to hear that. We talk about the water supply hacks and go in to password managers and other topics as Michael in Tennessee joins me.
Here is the link for this week’s program. The file size is 153.6mb.
Below, please find the show notes, which include links to the things we’re talking about.
Welcome to the security box, podcast 52. On this podcast, let’s talk about the water supply hacks and the growing threat of them through the help of an interesting article by Last Pass. After that, we’ll see if people partook in an open forum of topics they want to talk about and of course news, notes and highlights from the landscape that have been read.
Topic: The Water Supply and the landscape
- The Growing Threat of Water Supply Hacks Trend Micro
News Notes
Below, find links to items that are of interest we’ve read from around the landscape.
- Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax Krebs on Security
- Malware spammers aim to leverage Kaseya ransomware drama in email campaign Cyberscoop
- Report: iCloud+ Private Relay could spell the end of iOS ad fingerprinting But it isn’t perfect imore.com
Thanks for listening!