The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
This week in security news, news ending August 27, 2021
This is the link to the securithy news that ended last Friday, the 27th.
Looking at the headlines, there may be something you need to know, but I’ll let you peruse the headlines and then decide if something is of interest for you. Thanks Trend Micro.
- Linux Threat Report H1′ 2021: Key Security Takeaways
- Google Removes Fake Crypto-Mining Apps
- Earth Baku Returns: Uncovering the Upgraded Toolset Behind the APT Group’s New Cyberespionage Campaign
- TippingPoint Threat Protection System Certified by NetSecOPEN
- OnePercent Ransomware Group Hits Companies via IceID Banking Trojan
- New Campaign Sees LokiBot Delivered Via Multiple Methods
- Poly Network Recoups $610M Stolen from DeFi Platform
- What the Norton-Avast Merger Means for Cybersecurity
- White House Rolls Out Pipeline, Supply Chain Security Initiatives as Companies Pledge Billions in Cyber Spending
Ransomware on a Rampage; a New Wake-Up Call
I read some, depending on the source. What did you find and was it of interest?
Comments (1)
Another crime gang is now calling victims if they don’t pay
FBI warns that Hive ransomware hackers are calling victims by phone is a very interesting article that we can’t pass up. As I get news notes together, I’ll do my best to find the ones I think should be blogged, so look out for some more blog posts.
According to the article, maze, conti and RYUK were three others that used this tactic if they didn’t get a ransom.
I know a lot of us don’t want to answer our phones, and I had that experience today. I was on a call so let the other one go by. When I checked voice mail, it said to press one to talk to a specialist for warranty coverage or 3 to cancel the coverage. What warranty and what coverage? I don’t have a car, I can’t drive. I wish I could, but it isn’t in my cards.
There’s plenty to read in this article, better on click through if this interests you.
Comments (0)
The Security Box, podcast 58: What the Hell is Going On with T-Mobile?
Hello folks,
This is the link for this week’s program. It is 151.11mb in size.
As a side note, the RSS got two podcasts as we were notified that podcast 56 didn’t make it up and it is now.
Here are the show notes for podcast 58.
The Security Box, podcast 58: What’s the matter with T-mobile? Why are system failures on the rise? News Notes and More
Hello Everyone, welcome to the Security Box, podcast 58. Question: what the hell is going on with T-Mobile and their inconsistancies of containing breaches and lying about what they were going to do when they were granted the murger with Sprint? Who is ENISA and why are they saying that system failures are on the rise? Finally, what is the Chaos Ransomware and why could it have impacts beyond a proof of concept? We explore all of these topics, as well as news and notes from around the landscape on this edition of the podcast. Fasten your seatbelts!
T-Mobile
Here are the articles read that deal with T-Mobile to date. We’re still learning more and nothing is very clear yet. The investigation continues.
- T-Mobile apparently lied to government to get Sprint merger approval, ruling says Ars Technica
- Hackers who breached T-Mobile stole personal data for ~49 million accounts Ars Technica
- T-Mobile investigates potentially massive breach of consumer data Cyberscoop
- T-Mobile Investigating Claims of Massive Data Breach Krebs On Security
- T-Mobile: Breach Exposed SSN/DOB of 40M+ People Krebs On Security
- T-Mobile confirms breach of more than 8 million customers’ data Cyberscoop
Other Topics
- Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Trend Micro
- ENISA says System Failure is on the Rise Trend Micro
News Notes from around the landscape
- New York man sentenced to 3 years for stealing students’ nude photos after hacking their accounts Cyberscoop
- Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer Cyberscoop
- Ohio man pleads guilty to role in $300-million cryptocurrency laundering service Cyberscoop
- Japan’s Tokio Marine is the latest insurer to be victimized by ransomware Cyberscoop
- Mandiant, CISA urge ThroughTrek customers to fix software bug in millions of baby monitors, cameras Cyberscoop
End of notes
Comments (0)
Other articles that might be of interest
Hey folks,
Here are other articles that might be of interest that we’ve read from the past week.
- New York man sentenced to 3 years for stealing students’ nude photos after hacking their accounts Cyberscoop
- Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer Cyberscoop
- Ohio man pleads guilty to role in $300-million cryptocurrency laundering service Cyberscoop
- Japan’s Tokio Marine is the latest insurer to be victimized by ransomware Cyberscoop
- Mandiant, CISA urge ThroughTrek customers to fix software bug in millions of baby monitors, cameras Cyberscoop
You’ll see these again as they’re in news notes, but I thought you should probably see these in case you want to send commentary about them for a future program whether it is this one coming up or another one. Hope to see some of you later on, and th link will be provided later on.
Comments (0)
System failures on the rise
ENISA says System Failure is on the Rise is a Trend Micro article that I think we need to review. For the show notes, I’m going to read the bulk of the article as part of the discussion, and Trend Micro links to the reports they’re talking about.
They also have a paper on research in to this area.
Normally I don’t read the articles in full, but this article is quite interesting and has lots of numbers in here that I think are important as part of leading the discussion.
Let me know what you think about this article and some of what it has to say. I’d be curious.
Comments (0)
Nokia subsidiary reveals data breach following Conti ransomware raid – TechCentral.ie
Just coming across this one. Nokia through someone else. Here’s a bit from the article and a link. It didn’t saycustomer data was targeted, but you should read it so you are aware.
A Chicago-based subsidiary of Nokia has admitted to a data breach after it was the victim of a ransomware attack that left systems encrypted and data stolen. According to a letter sent out to current and former employees, SAC Wireless disclosed that an unauthorised third party accessed its systems as part of a ransomware attack [&hellip
Source: Nokia subsidiary reveals data breach following Conti ransomware raid – TechCentral.ie
Comments (0)
the vale complete playthrough
Hi well just uploaded the vale playthrough which I have been wanting to get out for ages.
Look at the blindvms page.
Its on the cutt.us/blindvms, page as always.
Anchor.fm and mixcloud have it to.
Anchor has it in full episode form at least 6 hours though, and mixcloud has it in part form because you can only upload 1 file at a time.
In addition I have made this have its own folder on keybase.
https://keybase.pub/shauneve/valeplaythrough/
There are 5 episodes numbered.
The first is the introduction and is basically the demo.
The second is rivertown itself.
The third and 4th should have been 1 but I had to end it prematurely because dad started mowing the grass and I had to stop due to noise.
Part4 is crow itself and part 5 is basically what was left.
This ends this current itteration of audiogame work and it looks fine.
Comments (0)
T-Mobile is not done, now class action suits are coming
Michael in Tennessee sent this article titled How angry T-Mobile subscribers responded to the latest data breach and its time for t-mobile to come up to the plate and tell us the story. While the show notes of this coming podcast has earlier articles, I infdicate we’re still learning more and this lawsuit hopefully will get t-mobile to think about this long and hard.
I’m not sure we’re done, but there are millions of t-mobile customers who will never see any kind of money. Better read this one if you’re a T-Mobile customer. This is only getting started.
Comments (0)
Chaos Ransomware is something to be afraid of
Hello folks,
One of our other topics as part of this coming week’s podcast is talking about the Chaos Ransomware Development kit. In some similarities, it did at one point resemble RYUK, although its early days resembled more of a Trojan than ransomware activity, but now, they’re in line with the ransomware activities.
Trend Micro indicates that there are no victims yet that have been affected, and its already on its fourth iteration.
For the complete details, please read Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications and prepare for a long list of file extensions it can target. Some you may be familiar with, others you won’t. Just know you’ll be in serious trouble if you do get this.
YOur typical file extension like .txt, .htm, .asp, .mp3, .mpeg, .mp4 and many others are listed. Better look at the article, we sent this to the Security Box list already and finally getting a chance to write about some stuff.
Comments (0)
What’s going on with T-Mobile?
Here is the article list which was read in the past week dealing with the recently reported T-Mobile breach.
We’re still in the informative stages, but we’ll be talking about this on the tech podcast known as the security box for this next week.
I talk about some info from several of the below articles, but they are still in the informative stage, as you’ll see from the titles.
Please protect yourself.
- T-Mobile apparently lied to government to get Sprint merger approval, ruling says Ars Technica
- Hackers who breached T-Mobile stole personal data for ~49 million accounts Ars Technica
- T-Mobile investigates potentially massive breach of consumer data Cyberscoop
- T-Mobile Investigating Claims of Massive Data Breach Krebs On Security
- T-Mobile: Breach Exposed SSN/DOB of 40M+ People Krebs On Security
- T-Mobile confirms breach of more than 8 million customers’ data Cyberscoop
Comments (0)
The Security box, podcast 57: the name game of Ransomware Gangs, Windows Update, and CSAM and apple products
Here is the Security box, podcast 57 as a download. Here is our RSS if you need it.
The file size is 115.7mb for those who want to know.
Here are the show notes for this program.
Welcome to the security box, podcast 57. We have three topics for you today, and I hope that you will enjoy them. The first topic for this podcast will be talking about the name game of the ransomware gangs we have out there. The second topic which was totally forgotten is of course Windows Update and what is happening with that operating system. Finally, probably the most contravercial topic we have to date, Apple and how they’re handling the images that people may have that are backed up in to icloud that deal with children and the potential of abusive images of a sexual nature. We will also have news notes and commentary as well, buckle up as you don’t know what’ll happen with these topics! The program may contain adult content, and listener disgression is advised.
Topics
- Ransomware Gangs and the Name Game Distraction Krebs On Security
- Windows Update
- August Patch Tuesday: A Quiet Month for Microsoft Trend Micro
- Microsoft Patch Tuesday, August 2021 Edition Krebs On Security
News and Notes from around the landscape
The following are items that will be linked here and discussed in news notes for this week. There may be items that are not article related that may not be shown here in the notes.
- Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants Cyberscoop
- Phishing Sites Targeting Scammers and Thieves Krebs On Security
- Four years after FBI shut it down, AlphaBay dark web marketplace claims it’s back in business Cyberscoop
- European police round up 23 suspected scammers accused of $1.2 million fraud Cyberscoop
- Two members of QQAAZZ, which laundered funds from cybercrime, plead guilty Cyberscoop
- Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One Trend Micro
- Hospitals hamstrung by ransomware are turning away patients Ars Technica
There may be more, please check out our blog and email list for more. Thanks for reading and listening to our show!
End of program
Comments (0)
Security News ending August 6, 2021
I’ve been meaning just to blog the This Week in Security News – August 6, 2021 which was last week’s news. I’ve been getting bad at doing this, and I have this past week’s still to go and look at. This is beyond repair and I must get better.
- Browser Notification Spam Tricks Clicks for Ad Revenue
- Survey of 3,600 businesses worldwide calls cloud computing an ‘elevated risk’
- Homeland Security Releases New Cybersecurity Rules
- Your Facebook Account Was Hacked. Getting Help May Take Weeks — Or $299
- The First Half of 2021 Cyber Risk Index
- 14 Top Cybersecurity Trends to Expect at Black Hat Conference
- Supply Chain Attacks from a Managed Detection and Response Perspective
- Ransomware Attackers Eying ‘Pure Data-Leakage Model’
- US Government Agencies Are Failing to Meet Even Basic Cybersecurity Standards
Above are the article titles, links are in the article I linked to already. Find something of interest you want to have discussed? Bring it up!
Comments (0)
Ransomware gangs change names, lots of old names here
So I’ve been trying to figure out what to write about this very interesting article titled Ransomware Gangs and the Name Game Distraction and I find it difficult.
While I wrote some stuff from the article in regards to some of the names, it goes back as long as we’ve been covering some of this stuff.
I may have covered this stuff more in audio, mainly because I didn’t know what to write about them, unless I shared articles. Brian links to tons of stuff, so you’ll want to read it.
If you’re sighted, you may want to check out the graph. I’d be interested on what the graph is about as its a visual thing. Feel free to send me an email.
Is the name game all that? Sound off in the comments.
Comments (0)
my responce to recent comments and posts
Hi.
Well for whatever reason my comments just don’t take and not sure why.
Also I can’t seem to be able to comment it just wants me to sign in nothing wrong but oh well I have 2 things to comment on.
1. zoom.
I have never had issues with zoom and use my google account.
I like google knowing about my meetings and calendars notifying me, usefull as hell.
I don’t do many meetings though.
I have never had a zoom bomb but maybe I was just lucky.
Zoom is new, but yeah I am in 2 camps about sharing information with google.
Its actually not that bad, by going on google/amazon/facebook, etc you are sharing information.
What information were you sharing exactly.
Email addresses can be easily gotten its after all the main form of communication.
Addresses and phone numbers while a little harder, well address can be gotten easily enough.
Phone numbers I am unsure but probably easily enough.
I’d be concerned if my credit card was being sold or something like that but its hard to get to pissed about whats already in public record.
Becides we share most of that just by being online.
The apple things yeah I have read about it but I can’
‘t be any judge as even my little country is not as stable as some would like and some of those are on the other side and others are on the other side and I am in the middle.
Any tech can be used incorectly by anyone.
Even the most secure can be hacked, have we forgotten about all those breaches in helifax and yahoo?
At any rate it appears that you would have to hack apple and the databases in question and somehow bypass the human checks so no one notices to actually modify the images.
Apple aint going to scan all images it would impact on performance and becides I’d doubt they would last long, no company is that stupid even the most corrupt.
So the only thing is look before you click.
And if you wana go there, use a vpn and don’t use your phone not that I condone any of this shit of course.
Comments (0)
Apple, Images and NCMEC’s work
There are several articles out there about a new feature coming to IOS 15 and Mac updates in the fall. The updates revolve around images that are known in NCMEC’s database of images that may be inappropriate.
Each company may have their own solution of how they deal with this problem, but people are at arms about Apple’s solution.
While I’m not an expert, but yet I am unaware of anyone trying to solve the problem of inappropriate images floating around the Internet and harming people, I think Apple may be on to something.
Here are the articles, and we’ll talk about this on the Security Box with one of them.
- Apple’s new solution to combat child abuse imagery could radically shift encryption debate Cyberscoop
- Apple explains how iPhones will scan photos for child-sexual-abuse images Ars Technica
- Apple says it will refuse gov’t demands to expand photo-scanning beyond CSAM Ars Technica
All of these articles talk about this problem, but I don’t know if we have a solution that could look at solving this. If you were a tech company, what do you think you’d do?
Comments (1)
Windows Update is around the corner, here are the articles
This week is Windows Update, and it is around the corner for our computers. The good news is that we have at least 50 patches to apply if applicable. Both Krebs and Trend have articles on the subject, so read the one you want and get yourself informed.
- August Patch Tuesday: A Quiet Month for Microsoft Trend Micro
- Microsoft Patch Tuesday, August 2021 Edition Krebs on Security
Both are detailed and links to various things that may be of interest to you. Read them and apply the patches that are needed for you.
Thanks for reading!
Comments (0)
The Security Box, podcast 56, What’s going on with the lifecycle of a breached database?
Here is the download of yesterday’s Security Box. It is 145.9mb in size.
Do you want RSS? Here is the RSS for you.
I’ll be getting more on the blog later, but for now, here is the show notes with links to today’s topics and the like.
Welcome to the security box, podcast 56. Two comments will start us off as someone commented on the replay of our show from last week. Both are good comments worth bringing up. Next, we’ve got a topic that might be of interest talking about the lifecycle of a breached database. Next, let’s find out how the government is doing with their Cyber Security. What did the senate report find? Find out in our second topic. We’ll have news notes and commentary as well.
Topics
- The Life Cycle of a Breached Database Krebs on Security
- Federal agencies are failing to protect sensitive data, Senate report finds from Cyberscoop and The State Department and 3 other US agencies earn a D for cybersecurity from Ars Technica go hand in hand. Both articles are good, but ars has a very interesting table and other stuff too.
News Notes read from around the landscape
- Google Play Protect fails Android security tests once more Bleeping Computer
- A US official explains why the White House decided not to ban ransomware payments Cyberscoop
- Cyberattack knocks Italian vaccine registration portal offline Cyberscoop
- Facebook stops NYU researchers from examining misinformation, is criticized for ‘silencing’ transparency efforts Cyberscoop
- Criminals are using call centers to spread ransomware in a crafty scheme Cyberscoop
Suspected Chinese hackers took advantage of Microsoft Exchange vulnerability to steal call records Cyberscoop
There is more news, but this is some of what we’ve read throughout the past week. I’ll be blogging some more news, and of course, the list will have plenty more.
End of program
Comments (0)
Zoom to pay $85M for lying about encryption and sending data to Facebook and Google
How do i get involved in this lawsuit? i’ve used zoom for a year now and it did say that it was end to end encrypted. While I’ve never had problems, I bet others have the same question, but $15 to $25 is not enough on what Zoom did.
Zoom users to get $15 or $25 each in proposed settlement of class-action lawsuit.
Source: Zoom to pay $85M for lying about encryption and sending data to Facebook and Google
Comments (0)
A US official explains why the White House decided not to ban ransomware payments
I read this article A US official explains why the White House decided not to ban ransomware payments from Cyberscoop which sparked some discussion on the new Security Box email list. Unfortunately, I think this may be the only way to go, as it does fuel the enterprises to continue.
I do see the point however that it can drive them more underground, but maybe they’d just do everything in cash with mules and the like. They call them money mules.
We know that criminal activity is already done in many different ways, but crypto currency only fuels it because the money is untraceable. If we go back to the tracing of it, maybe we can pick up these guys. Problem is that they’re overseas, and they can’t easily do this ransomware thing if they don’t have crypto because other methods can be traced and investigated. That, I think we need.
Comments (0)
Sans News Bites for august 6
Here is the link for Sans News Bites for August 6, 2021. There are several things that are in here, including one in the topic category for the next box. I’m not going to do headlines this time for Sans, but i’ll link it here. What did you find of interest in this newsletter?
Comments (0)
navigation menu
- Archives
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- Categories of this blog
- Subscribe to Blog via Email
Join 8 other subscribers
- The tech blog’s pages
- Blogroll
- Crashmasters blog
- Cyberscoop
- Documentation
- Improve Internet Accessibility for Individuals with Impaired Vision
- International friends network
- Kim Komando
- Krebs On Security
- Plugins
- Register to this site
- Suggest Ideas
- Support Forum
- supporters and partners
- the blind perspective
- The Jared Rimer Network donations page
- The Phishlabs Blog
- The Security Box discussion list
- The Technology blog and podcast and TSB on amazon music podcasts
- Themes
- toptechtidbits
- WordPress Blog
- WordPress Planet
- “Blind VMS and the Tech podcast join forces”