The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

You are here: May 2022


Combating breach fatigue

Hello folks, Combatting Breach Fatigue is a great article to have in our corner, as I feel we’re pretty much cooked at this point.

It talks about password managers, the fact that 90 percent of people have at least 50 accounts or app passwords and 51 percent of persons use their memory to remember passwords.

There are links to things that might be of interest, and it’ll be our topic as this week’s podcast. See you there!

WordPress and school plug in pro at risk

I’ve seen this article around here for several days now. It’s an Ars Technica article, Researchers find backdoor lurking in WordPress plugin used by schools, and while they show code which I mainly skipped, you should check this out if you use this plugin, especially the paid version.

The short version: it can take over a website that has this plugin installed, and again, only if you have the paid one. The vendor of this plugin doesn’t know how it got there and they don’t know how long it has been around.

I thought I’d finally get this out, I thought about talking about this on the show, but I don’t know anyone who is running this. If you do, please pass this along.

Sans news bites for May 27, 2022

This is a link to SANS NewsBites for May 27, 2022. It covers things including Zoom and other very interesting news.

If you have found something of interest you want to bring up for a future show, please let us know and we’ll consider it.

Thanks so much for reading and participating on our programs!

With Vacations and summer coming, people may want or need to rent cars

While we know people will take summer vacation and probably need to have someone rent a car or they may rent a car, Kim Komando’s staff is posting about a potential scam that you need to know about.

Turns out that if you find one of these sites, the payment method to get a car would be familiar to some of us, gift cards. By paying by gift card, they say, you can get a steep discount.

Renting a car? This mistake puts your data and money at risk is the article, make sure you peruse it so you make sure that you’re not putting yourself and your money at risk.

Thanks for reading.

Site admin update

Hi all users on here.
This is crashmaster here.
So where have I been?
If you read my blog smeveriss.wordpress.com you will know exactly where I have been but you may not have any idea where I have been technically.
Before I start, we are on WordPress 6.0 according to the blurb at the bottom of the page via autoupdate so that’s quite good.
It’s supposed to be more accessible.
Next, security, after a lot of mucking about with keys and the like, we have in addition to ipstack on 0spam which has given us a banging performance, ipinfo, project honeypot and forum stop.
Sadly not Google as Google needs a maps project etc.
And all for nothing, obviously there are limits but get the best out of the site you can.
You may notice the site will initially load a little slower as all the security kicks in, however the good thing about this is that in addition to our verification with email address, a lot of the spam is funneled through databases of addresses and through, according to honeypot sponsors, some Cloudflare servers.
What that means for users is while the site will load a little slower now it’s more protection between the nasties and I can sleep better at night knowing we have well all the stuff we ever need running on the system.

So where am I from a technical standpoint?
First the cast.
No idea, keep meaning to jump back but let’s face it, once liam or pg13 get a hold of whatever I am going to podcast about, they completely own my ass which is ok, I enjoy their look on the cast then I think, well it’s done by someone I respect better than me and that’s that.
Beyond the chiron gate has not been done but I don’t know, it’s text for 1 thing, and for another I have not won yet but it’s a banging game so search it on itch, it’s 10 bucks well spent.
Basically be anyone you want piloting your ship so anyone from Star Trek, federation, etc, you can edit things so if you really want to you can be the mirror universe or a klingon or a borg if you really want to be well whatever.
Roleplay is huge.
It helps if you have watched a series though for the most part I have managed to destroy my ship or kill all the crew or have things screw up and just when I have a computer upgrade too.
So I may have to rethink my strategy and decide if I go full hog when to quit.
In other news tech wise I am going to be working on another computer that may equal a podcast on Windows 11 setup.
I am also getting a NAS, either Asustor or QNAP, so my specs are 1.4 arm media or Realtek, 1 or 2 GB RAM and 2 4 TB Seagate IronWolfs or WD Reds depending on prices.
Who knows where that goes.
Unsure where else I will go with work going to get better but oh well.
Anyway that’s me and I will lurk about and read more.
NVDA has a new version and on audiogames and the list we are discussing things related to its stableness and the direction of NV Access so check that out and comment if you want to.
Before I go, all please recheck your updates on your updaters for your various computers as I just found firmware updates on some of my older machines.
Laters all till next time

Can Social media have any influence on mass shootings like the one in Texas?

We know now a little more information about the shooting that took place on Tuesday that killed potentially 19 children and two adults and one still in critical condition.

While this blog is more of a technology blog, we now know that the gunman in this case did start on two different social media platforms, and it even went so far as to include direct messages between several people including an unknown girl.

The article I’m about to post was written by Kim herself for komando.com and talks about the case as well as another case which also started on social media.

The article is titled: In the wake of the Texas school shooting, social media must do better and should be studied.

Instead of contacting your senators and the house like Kim says, maybe we can hold social media responsible ourselves. I hardly use Facebook as it is, I don’t have Instagram, but if we really are fed up with the fact that they aren’t doing what they can to combat this, even if a mass shooting took place later, then we shouldn’t be on it.

I don’t post my life on social media, I post articles I’m going to read throughout the landscape from sources I read anyway. This blog posts there so people can read what I like.

But a lot of people are careless and post what they want, some of them like what has happened. Some are not so careless that way but are careless other ways.

What do you think of this article, and where do we start?

Do you use Duck Duck Go? Better check this out

I’m not saying for one minute that DuckDuckGo is bad. But I just saw this article while going through email that says that it does track you when clicking on advertising.

While some of us don’t click on advertising, we should be OK, because the search results are not tainted.

Komando.com has the full detail on this, better check it out.

Bad news if you use DuckDuckGo – It was tracking you is the article.

The Security box, podcast 96: Two Hospitals being targeted with ransomware, News Notes and continued shootings and why we’ve not done anything about it

While the real world deals with shootings across the country and yet another one active going on thanks to Scanner Radio, we must press on. We do talk about this recent one in Texas and ask how we can solve things like this, especially since we later learn that the person involved started on social media. We learned this later on.

Besides that, we’ve got quite a bit of news which I go through, some of which I go through on the blog, by mentioning that it’s there.

Don’t have RSS? Don’t worry! Download the 135.36mb file and here are the rest of the show notes.


Welcome to podcast 96 of the security box podcast series. We’re going to bring back news notes for this program, and we’ve picked out some good stuff. Some may be on this blog, others may not be on this blog.

Our main topic is going to talk about the Health Care Industry and whether it is as secure as possible. The reason why we’re going to talk about it is plain and simple, there have apparently been two more attacks on the health care industry, yet, one of them is a non-profit.

The article is titled Ransomware group strikes second U.S. health care system in the last two months. I bet that there will be a lot of talk on this one, even as we read the notes on this.

I’ve got plenty more things lined up for the podcast, so please feel free to stay tuned and learn with us. Some may be a bit older, but yet worth talking about.

Remember to subscribe to The Security Box list as we post items and you’re welcome to discuss them on list.

We thank you for listening to the program and we’ll see you on another edition of the program next time!

Scammers and photo sites and copyright issues

For those who deal with photos, you’ll want to read this. In the Kim Komando newsletter, it talks about scammers who want to take advantage of you by claiming that stock photos, those who do not have copyright, have a claim. Please read more about it through Kim’s web site. See everyone later.

Security Now! Podcast 872 tweet of interest

Here’s the tweet I just saw in regards to Security Now! Podcast 872.

I’m providing this for people who are interested.

It will start within the hour on Twit Live or as a podcast later in the evening.

Steve Gibson: “Dis-CONTI-nued: The End of Conti?”
Security Now! #872 show notes:

The emergency Active Directory re-patch, Clearview AI’s facial recognition, Vancouver’s Pwn2Own victim lineup, the DoJ’s softening stance, a smartlock hack, and Conti’s “strategic” demise.

It’ll be nice if it ends up being true that Conti disappears, they were the top dog after REvil, but that doesn’t necessarily mean anything.

Hoping and praying

Virtual kidnapping scams

Hello folks,

I initially passed this up when I saw something from Kim Komando’s newsletters about this topic, but now I see it in the Malwarebytes newsletter. How to spot the signs of a virtual kidnap scam came from their newsletter and it’s worth sharing.

Take the time to check this out, and if you want to talk about it, feel free. The lines of communication are open.

Mozilla releases security updates for Firefox products

Whether you use regular Firefox, Firefox ESR, or Firefox for Android, you need to know that CISA has published a notice letting us know that Mozilla has released an update.

The email was sent out yesterday, and I’m seeing it now. We had some slight technical problems yesterday, I’m sure the mail was received but I had some problems.

Stop me if you’ve read a line similar to this:

Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.

For the full notes from CISA, read it by clicking on this link.

Thanks for reading, and make it a great day!

Senators Urge FTC to Probe ID.me Over Selfie Data

I thought this went to the security box list, but that’s OK, it’s going to the blog.

I’m taking the same article title as Krebs has, because it just fits.

Sans News bites for May 20, 2022

This past Friday’s SANS NewsBites is quite interesting, as it talks about Microsoft bringing an emergency patch to fix something that didn’t quite make it. There may be some other very interesting news that might be of value to you including VMware patches for those who use it, Jupiter plug-in fixes and India security guidelines.

For the full newsletter, Here’s a link to it and do feel free to comment on things that might be of interest to you.

Thanks for reading!

A little back dated, Trend Micro has news on Avos Locker

Now I realize why I kept this article around, we’re going to talk about the two ransomware cases that affected hospitals, but AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell has some information maybe the other article doesn’t have about this particular problematic program.

At one point, this affected an antivirus product called Avast, but they are quoted within the article to indicate that it is an older driver that they don’t use.

For those who are interested in this, please feel free to check it out. Thanks so much for reading.

Russia now taking out satellites

Well, in a bit of a back dated article, it seems like Russia is part of the cyber problem all along. US and its allies say Russia waged cyberattack that took out satellite network was written some time back, and was sent to our list on the 11th of this month.

It’s a little back dated, but worth the read. I can definitely agree with some of what it says, including the fact that we didn’t do much about their 2015-17 attacks which even took out the electric grid.

This is still what I fear as part of this war. I still fear that they can and will, if they want to, attack a bunch of infrastructure which could make it difficult in some parts of the world.

This article was definitely interesting. I honestly don’t know if our sanctions are even working or having any effect on things. I don’t even know the solution.

A second healthcare company targeted, leave our health care system alone!

OK,

I saw this on our Security Box list, and I’m about fed up! This topic will be our main feature of podcast 96 this coming Wednesday, and it wouldn’t surprise me if we decide to have a few choice words for these guys.

While I’m not surprised of this news, I remember one group clearly stating that health care was off limits, and they went back on their word as discussed at that time. That’s why we can’t take anything they say for granted.

The article today is titled Ransomware group strikes second U.S. health care system in the last two months which is heavily linked full of information and even talks about the two known deaths because of ransomware.

AvosLocker, a prolific ransomware group that was the subject of a recent joint FBI and U.S. Treasury Department warning, claimed this week that it had hit a Dallas-based nonprofit Catholic health system with more than 600 facilities across four U.S. states, Mexico, Chile and Colombia.

McKenzie did not comment as they were the first to be targeted.

The article continues:

Katy Kiser, CHRISTUS Health’s director of communications, told CyberScoop Friday that the company’s IT staff learned of “unauthorized access” in one of its regions — which the company refers to as “ministries” — sometime in early May. The company is working with cybersecurity professionals to assess the situation, she said, but so far it appears to be “limited” and said the attack “didn’t impact patient care.”

You don’t think patient records are at risk, but you really don’t know. It’s what you know at the moment. If I were in these shoes, I would say that we are not sure if patient care is affected, or whether the data is at risk, but if we find out that it is, we’ll send notification immediately.

There’s plenty more, please check out the complete article for all of the details. Thanks so much for reading!

Have you updated iOS yet? Mac? Apple Watch? Maybe it’s time

Have you updated your Apple products lately? Within the past week, Apple released iOS 15.5 and related Mac, Apple Watch, TV and other product releases.

Apple Releases iOS 15.5, iPadOS 15.5, macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, and HomePod Software 15.5 (Apple Vis)

But now, Mac and Watch have an emergency patch just like the phone did last month with iOS 15.4.1. Komando.com: Time to update! Apple’s emergency patch fixes zero-day vulnerability in Macs, Apple Watches has all of the details that are known and what is affected by the update.

Instructions are also given on how to update your product(s) so make sure you check it out.

Thanks so much for reading, participating, and learning with us.

The Security box, podcast 95: Crypto interesting news, a 9.8 CVSS on big IP appliances, and what will be coming up in the coming weeks on the podcast

Hello all,

Welcome to another edition of the podcast. The RSS feed is getting updated throughout the network with the program.

While I wrote in the initial text notes that would’ve been posted to the blog that Windows Update would be covered, we didn’t cover it and I already edited those notes.

There are a lot of things that I’ve marked from the list that we can talk about and I’ll be trying to blog quite a bit within the coming days, so stay tuned on what we have.

You say you don’t have RSS? That’s no problem! Download this 93.86mb file by right clicking and selecting save target or save link as.

For those using keyboards, hit your context menu or Shift+F10 and select save target or link as.

Now, without any further ado, here are the show notes for all!


Hello everyone, welcome to the security box, podcast 95. On this program, we’re going to talk about one vulnerability that affects big internet appliances at a CVSS score of 9.8.

We’ll see what else comes up including some Crypto news and things posted to our list and what type of order it’ll all be in.

The main article we’ll be covering is titled Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating which comes from Ars Technica.

Ars is probably not going to be the only one covering this, there will be others out there too.

The JRN hopes you enjoy the program, and thanks for listening!


Contact info is given throughout the program, tech information can be used as well. Thanks again!

Patch Tuesday, the late edition

Sunday May 15th seemed to be time to reboot, and others within the computer industry will have, or will be rebooting for application of Windows Update this month.

Our usual source, Krebs on Security, has the article titled Microsoft Patch Tuesday, May 2022 Edition for your perusal.

The most urgent for this month is CVE-2022-26925, a weakness in a central component of Windows security. This component is known as the “Local Security Authority.”

“This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication,” Wiseman said. “This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.”

The last time we had a problem like this, we talked about something called PetitPotam.

Security Now, podcast 829 (show notes)

Seven of the flaws fixed today earned Microsoft’s most-dire “critical” label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.

There’s plenty more. We even see in other email, Microsoft Releases May 2022 Security Updates which was sent to us by email. The JRN has not read this yet, but will do so and try to keep up on these.

If you’ve not patched, pay attention to Windows, it’ll be calling you very soon if it hasn’t already.
