The Technology blog and podcast

Let’s end the month on a good note, a guilty plea on an antispam case

While I thought this would be good, and we should celebrate, I lknow that jaredrimer.net is being innodated with Spam on a daily basis.

In any case, in the better late than never department, I’d like to present a good article and something we seldom see. The article was sent to the TSB list in June, and it is titled Adconion Execs Plead Guilty in Federal Anti-Spam Case. It was written by our good friend over at Krebs On Security, Brian Krebs.

Spam is something that we have to fight on a regular basis, and sometimes, the technology can only do so much.

I could turn on spam assassin on the domain, it only marks the messages. I could also turn on box trapper, but then it would send back a message to which the user needs to verify. That’s well in good, but then you run in to those automated emails, the ones for newsletters and the like, so then you have to whitelist those domains.

That’s all well good, but it only works if you put in the time to set it up and you have to have the service.

What if you don’t? You can filter it all, and Gmail is pretty good at a global level, but what if you don’t have Gmail? That’s where arrests and pleadings like this come in. Its a glimmer of hope and I’m curious if you’ve read this article now or when it was released what you think of this.

There are 4 people listed and linked within the article, and plenty of info to boot. Check it out and let me know your thoughts.

Comments (0)

one in 40 businesses hit with ransomware

After a power glitch pretty much woke me up this morning, I come to deal with email What do i see? I see an email talking in a newsletter about ransomware and the fact that one in 40 businesses can be at risk.

Komando’s article talks about two big companies that nade the news, but what about those that don’t? This is according to research done by Checkpoint.

That means over 800,000 companies are hit by ransomware annually. It’s easy to see why it’s such a lucrative venture for hackers, as ransom demands are often set in the millions of dollars per attack.

The average weekly attacks per organization worldwide reached a peak of 1,200 — an increase of 32% compared to last year. In addition, the most heavily attacked business sectors are education and research, increasing by 53%.

Finally

Another worrying statistic points to a 59% increase in ransomware globally compared to last year’s period. Africa was the hardest hit, while the U.S. saw a 1% increase, with average weekly attacks targeting one in 108 companies.

The usual steps of two-factor, using secure passwords and the like are given, as it can help but also not clicking on files and links you’re not expecting.

Jaredrimer.net has been innodated with huge volumes of spam from things indicating I can get gift cards for surveys and the like, from all kinds of companies. Looking at the email address, and looking at few of these links tell me that it isn’t coming from the companies they’re claiming to be.

You can check have I been pwned to see if your address or number is out there, but there isn’t a whole lot we can do after that besides doing what we can with the tips given.

Article: Ransomware affects 1 in 40 – Are you at risk?

Comments (1)

If you own a car, make sure you’re safe in it

Technology is now in our cars, and komando.com is now notifying us of more care recalls.

Just like with our computers, cars can have problems. Its a different type of tech, battery or other issue, so check this komando article out titled Vehicle recalls: Dodge, Toyota, Chrysler and BMWs with dangerous issues for complete details.

Since I don’t know who may come across this blog, I feel that this should be shared and you, the disabled user, can let your sighted counterpartsknow that there are car recalls and share the link to the post which links to instructions on how to check things out.

Here are the headings within this article which impact the type of car. Each heading has information and a phone number the person should call to get further assistance.

• BMW
• Toyota
• Dodge and Chrysler

Comments (0)

Wells Fargo, Bank of America, Capital One and others targeted in Phishing attacks

Good day everyone, going through email, and saw this email newsletter from Kim Komando and the first item is what we’re talking about in this blog post.

This article talks about a new term Phishing as a service where people can pay $50 for one page and $200 for all pages using banks, a ready-phishing tool.

The prices listed are monthly charges not one-time purchases.

fice 365, Adobe Creative Cloud and Google Workspace are all seen as software as a service. Regarding cybercrime, a relatively new tool is Phishing as a Service (PhaaS), where hackers sell their phishing software to criminals for a monthly fee. Unfortunately, one of these PhaaS attacks is rampant in the U.S., targeting Citibank, Bank of America, Capital One, and Wells Fargo customers. According to the cybersecurity company IronNet, “Robin Banks is a ready-made phishing kit aiming to gain access to the financial information of individuals residing in the U.S., as well as the U.K., Canada, and Australia.”

According to this article, this tool can be changed to mimic the likes of Microsoft, Google or other online accounts.

To read the full article, please read New banking scam: Warning for Bank of America, Citi and Wells Fargo customers and remember that it could target others.

Comments (0)

Use Google Documents, sheets or other properties? Here are some shortcuts

If you use Google properties, here are some shortcuts that people might want to use. All of the commands can be used in the browser, and you need to be signed in to your Google account for this to work.

For example, to start a new document, open Firefox or Chrome and type document.new or doc.new and you’ll get a new document ready to work.

For those who want to read the entire Komando article, you may. The article is titled Google trick: Shortcuts to quickly open Docs, Sheets and your calendar and I hope that it finds value in you using their properties.

Comments (0)

Its time to check your cabinets, 63 medications you should not take

Kim Komando and staff is sounding the alarm on a company who is recalling 63 different products. Yes, even we can check to see if we have these things. I am sure I don’t have the company brand around here, but other people may not.

The article is titled Check your cabinet! 63 medications recalled for possible contamination

Personal care company Vi-Jon is recalling all lots of its Magnesium Citrate Saline Laxative Oral Solution as a third-party laboratory found small amounts of the Gluconacetobacter liquefaciens bacteria. The bacterium infects plants but can cause life-threatening adverse health consequences in humans when ingested. Vi-Jon initially only recalled one lot of its lemon flavor but expanded the recall to include all lots of lemon flavor and more.

Normally I don’t quote from Komando, but this paragraph is probably the biggest to put out there in the public eye.

You can use services like Be My Eyes, Seeing AI, AIRA and others to scan the bar code and get sighted assistance so you do not get sick.

Please stay safe.

Comments (0)

Telegram is … not the place to be?

On Podcast 99, I talked about a Netflix movie that I watched that delbt with Telegram. Its a 2022 movie about events that happened before 2020.

DJ Tim, over at the mix sent this article this afternoon. Its titled Discord, Telegram Services Hijacked to Launch Array of Cyberattacks and it comes from a decent source, Dark Reading. This is only going to hurt Telegram, as the movie I speak of made people wonder, especially those who investigated the crimes that occurred on that service.

Did you see this article and what did you think?

I’m not going to quote the article, so you’ll have to read on your own.

What I can tell you is that some of our favorite friends in the malware department are found there. Have fun!

Comments (0)

Here are 36 more apps that Android users must be aware of … time to do more deleting

Hello everyone, as part of today’s podcast, we talked about a good number of 52 different applications that must be deleted. I went through a good number of the 52, but not everything. Delete these 36 infected Android apps from your phone now has another batch of apps.

28 are just annoying and can be a problem while 8 specifics come with Joker Malware.

Here is a blog post I wrote in 2020 about the Joker Malware. In it, I believed that this family was long dead, but articles indicate its well and alive.

I know there is more out there if you search the Internet for joker malware, so go … learn how bad this is. Read Kim’s web site which has the latest.

This is probably not the end of the list.

Comments (0)

The Security Box, podcast 105: Vehicle Trackers are in deep trouble and there’s nothing we can really do about it

Hello everyone, welcome to the Security Box. The RSS feed has the audio and this is the download file of the program. It is 163.3mb in size, so make sure you get it completely downloaded.

We definitely had quite a turnout as part of today’s program, with several people we’ve not seen, and I thank you.

If you’re coming to the program for the first time, please feel free to subscribe to our security box Email list and this way, you’re notified of things being posted as well as the link being sent for people to download it.

Now, without any further ado, those who get the files through Dropbox should have it, and the show notes with links to the items of discussion follow.

---

Welcome to the Security box, podcast 105. On this program, we’re going to talk about GPS systems and something that may affect everyone who drives and uses a certain product.

This is a Cyberscoop article titled Attackers can surveil, disrupt vehicles outfitted with popular GPS tracker, CISA warns which was quite interesting. I also spotted this being covered by Kim Komando and her staff. I blogged about it in this blog post for those who want to link to it.

We also will have news from around the landscape and whatever else people want to cover that they have read. Hope you enjoy the show!

---

Remember to go over to Clubhouse and join the club where each week we have a room for you to participate live. Blue Streak has the show as of press time and they’ll air it on Friday morning.

See you all later!

Comments (0)

More info on the Massive Twitter breach and other stats to boot

Hello all, welcome to the blog. If you didn’t read <a href=”https://technology.jaredrimer.net/2022/07/25/the-cyber-wire-daily-news-for-july-25-2022/

“>this blog post which covered the twitter breach, than you need to read Twitter data breach: Personal details of 5.4M users leaked from Komando.com.

The other day, it was reported that the flaw was found in January, and this is saying December 2021.

For the most part, both articles are pretty accurate with giving the same info, but one month is really not going to make much of a difference.

I don’t know if I blogged about this, but this can be posted now if I haven’t. The article is titled Scam alert: 5 most costly data breaches (plus 5 states most targeted) and the title is quite intriguing.

Leading the way is California of course with over 3 billion dollars stolen. Ohio was only clocking in at 64,000 but the rest are at least a million.

Let’s keep ourselves as safe as possible by reading these articles and sharing them. Thanks for reading.

Comments (0)

Needing work on your home or business, contractor scams appear to be on the rise

It seems like the topic of scams are well under way. We talked about scams on throwback saturday night and we’ve talked about scams in the past here on TSB and even on the main tech program.

One name that comes to mind is our good friend Mr. John Bernard. Search his name on this blog or even on the Internet, and you’ll get podcasts here, as well as articles from Krebs if not other sources.

With that said, he was a different type of con, but cons come in different sizes.

The article we’re taking from today comes from Kim Komando talking about contractors who might come to your home or business offering work that they say you need.

The article is titled Shady contractors are stealing thousands – red flags to watch out for which give tips on what you need to do to stay safe.

Even those in our community may need a handy man, I know I have. Let’s be smart about it. Read the article and let’s share what we’ve learned so others don’t get taken to the cleaners.

Comments (0)

The Cyber Wire Daily, news for July 25, 2022

Hello folks,

The big news coming out of the Cyber Wire is this 9to5mac article titled Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k which goes all the way back to a January breach. Now, the update seems to be that an actor is now selling the database for $30,000 and samples that was obtained by Restore Privacy indicate that the database is real. It includes fields that we, the users, may have marked as private in Twitter thanks to the vulnerability.

They also talked about Censys and their research. (Blog Post)

While the breach is nothing new, the fact that news indicating that this is now out for sale can be a little bit concerning.

Sadly, there’s nothing we can do.

For anything else, please check out The Cyberwire Web site and if something catches your eye, let us know!

You can also subscribe to TSB’s E-mail list where you can get articles sent to you hat are read. You can even contribute from your own sources if you wish.

Stay safe!

Comments (0)

Haven’t updated your browsers yet? Komando says get to it!

Hello Folks,

Just getting an email about browsers, and Chrome recently releasing a release to patch a zero-day problem. The article goes through the entire history of what has been released and links to prior things. Click to read Update your browser! Chrome, Edge and Safari patched against zero-day flaw and stay as safe as possible. Thanks for reading, listening, and participating!

Comments (0)

Here’s something I’ve never heard of … Pig butcherin

I read an article titled Massive Losses Define Epidemic of ‘Pig Butchering’ which was interesting enough.

The first paragraph states:

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

So you’re telling me that a girl could follow me on Social Media, get me to like her, try to get me to invest in some form of Crypto and then when I do, allow me to take out once, but possibly not again?

According to Krebs On Security, the second paragraph states:

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter.

The third paragraph even gets more interesting as that one states

“The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. “It’s run by a fraud ring of cryptocurrency scammers who mine dating apps and other social media for victims and the scam is becoming alarmingly popular.”

What makes this worse is that this is happening on dating sites. Skipping some paragraphs, the one I want to quote now says:

Those who respond are asked to continue the conversation via WhatsApp, where an attractive, friendly profile of the opposite gender will work through a pre-set script that is tailored to their prey’s apparent socioeconomic situation. For example, a divorced, professional female who responds to these scams will be handled with one profile type and script, while other scripts are available to groom a widower, a young professional, or a single mom.

There are several headings including:

• ‘LIKE NOTHING I’VE SEEN BEFORE’
• A $5,000,000 LOSS
• THE KILLING FLOOR

The second one was a true story about someone who lost 5 million dollars after being lured in to this. I urge people to read this one, come prepared, and come to next week’s security box for August 3rd as that’ll be our topic then.

Again, the article is titled Massive Losses Define Epidemic of ‘Pig Butchering’ and I hope that people can learn from this so we don’t fall prey. We only get so much money, we do not want to be a statistic.

Feel free to share this article, and make it a great day!

Comments (0)

KYIV had plenty of time to prepare for Russia’s attack

Hello everyone,

We read an article titled Battling Moscow’s hackers prior to invasion gave Kyiv ‘full dress rehearsal’ for today’s cyber warfare which talks about how Ukraine was able to prepare for what Russia has given them during this year’s war.

Here are the first two paragraphs of this article.

Ukraine has long been on the front line of many of the most devastating cyberattacks attributed to Russian state-sponsored hackers, from a 2015 power grid attack to the infamous 2017 NotPetya malware infections that spread around the world and caused billions of dollars in damages.

More recently, in the weeks leading up to the Russian invasion, Ukraine suffered a series of breaches that officials blamed on Russia. These attacks helped prepare the country to battle back against Moscow’s arsenal of digital weapons.

Russia has not done anything really aweful, unless you take the fact they stormed in to ISP’s and forced them out and they routed Ukraine to their servers, but on the battleground, they’ve done horriffic things that are not allowed to be talked about on a tech blog.

Russia started as we know with a DDOS attack days leading to the firsttack this year, but this has become quite interesting as the war has continued.

Vityuk made the remarks during a Fordham University cybersecurity event this week co-hosted by FBI. He was among several Ukrainian cybersecurity officials
that the U.S. paid to travel to the event and to meet with officials in New York and Washington.

I think another article talking about that paragraph was posted to Cyberscoop, but it was a bit older and I didn’t blog it.

There’s plenty of more, so please read this one. It was a very interesting read.

Again, the article is titled Battling Moscow’s hackers prior to invasion gave Kyiv ‘full dress rehearsal’ for today’s cyber warfare and please feel free to leave your thoughts.

Comments (0)

Research is awesome, this time a Ransomware Network that has U.S. ties

I’ve done some reading, and this article is quite interesting. Its titled Researchers uncover potential ransomware network with U.S. connections and it comes from our good friends over at Cyber Scoop.

This article is quite interesting because you think of Ransomware operators coming out of other places which may include Russia, China, Bulgaria, or even the Koreas.

We know that China has been doing their own thing with the Internet, nd we know by the news that Russia and Ukraine have been going back and forth since 2014. But we also know that Russia has been involved in some U.S. metaling as well, so when I read this article, I started wondering what might be going on.

The first paragraph of this article states:

Typically, when it comes to ransomware, researcher and cybersecurity companies scramble after attacks to understand the origin of the malware that infected systems and locked crucial data.

The second paragraph, which is heavily linked, indicates that a research company named Censys did something completely different. They decided to flip the switch and uncovered a network that is capable of attacking people using a command and control network. I’ve linked to the company if people would like to check it out.

With more digging, other things were uncovered including a Russian host that had Acunetix, a web vulnerability tester and even a command and control tool named DeimosC2.

There’s plenty more, and I’m happy that the company shared the research. We need more companies like this so we can be aware of what’s going on in this industry.

Again, the article is titled Researchers uncover potential ransomware network with U.S. connections and I hope you enjoy what it has to offer.

8:58 PM 7/24/2022 Edited to fix a broken link.

Comments (0)

Scam alert for power companies

Back on July 4th, I saw a Komando email about power scams. I decided to see what is of value so that I can try to deal with the massive amount of spam in this email account of mine.

In the alert, its not Spam but quite real. While I’m posting it late, it can still be very valuable as the summer season in the states is in full swing.

The scammers will tell you that power will be cut off if you don’t pay within the next few minutes. Payment via Crypto and gift cards are also signs that you’re dealing with a scammer.

There are other things to watch for, so make sure you read this article titled Energy and power company warning: 3 signs you’re talking to a scammer for the complete details.

Its better late than never getting the word and passing it around.

Speaking of passing it around, this weekend’s Throwback Saturday Night talked about Scams in our Security hour. We talked about the video we posted in this blog post and we covered a very interesting call you might hear on your Kim Komando show this weekend.

Scams have been quite high since the pandemic, and there is no shortage of them slowing down. Let’s do our part on making sure that we’re as protected as possible and pass the word on what is out there.

I hope that this finds you well, and we’ll be in touch real soon!

Comments (0)

This coming Wednesday’s Security box, podcast 105 taping

On this week’s program, we’re going to have a really interesting segment I’m calling: “You’ve Got to be Kidding me.” In it, a woman calls the show and participates in Kim’s game show, “True or Not True”

This has got to be one of the saddest stories you’ve ever heard. Its ok to make mistakes and possibly send money to people you don’t know because they told you a story tht you believe. It can happen to anyone. But when you end up hearing this, you’ll really wonder.

As a Komando Community subscriber I, along with many other people who may be subscribed can hear the show as its taped live on Friday.

The show is for this weekend, and while this call was fascinating, the third hour also had a similar call but I didn’t want to cover it because the person involved has other issues which may not be at fault.

Besides this, we blogged a story about GPS Trackers, no, not the applications we use to get us around town, the ones that dispatch may use to get information on where vehicles are.

Want to join us on the show? You can. The Independent channel will have it on Wednesday at 11 am PT, 1 PM CT. It replays Friday at 8 am on Blue Streak and it will also be podcasted through this blog.

Want to comment live? Join us on clubhouse and when you join the event, it’ll be in your time zone for adding it to your calendar..

Normally, I haven’t put blog posts like this up, but the story I heard on the live taping is one you’ll probably not want to miss. I hope to see you there!

Comments (0)

IOS 15.6 is out, fixes a braille issue, adds router options and fixes 37 critical issues

Hello folks, welcome to another blog post here on the blog.

I must be feeling better, I have been posting quite a bit more, and I will also be working on the podcast for the Security Box. With that said, I have some news coming out of Komando.com and IOS 15.6 that we must get out. To be fair, I did see a blog post from Applevis that mentioned it, but i didn’t read it till I saw Kim’s posting.

First, let’s cover Update your iPhone now! iOS 15.6 fixes 37 security flaws which comes from komando.com.

This has several CVE designations that are talked about, and they are as follows:

1. • CVE-2022-32832: A hacker can take over your phone.
2. • CVE-2022-32788: Exposes your phone to remote code execution attacks.
3. • CVE-2022-32857: Makes it easier for hackers to track your activity.
4. • CVE-2022-32847: A hacker can restrict your Wi-Fi access.
5. • CVE-2022-32849: A hacker can access sensitive information in your iCloud Photo Library.

Here is Apple Vis’s coverage of the 15.6 release.

It has information that affects speech, braille and other odds and ends that Komando doesn’t cover. In no way am I saying that article is bad, but it covers other things Applevis doesn’t cover in general. Apple Vis does indicate that there are security fixes.

I would suggest that you read both articles and see what applies to you. Thanks for reading!

Comments (0)

The Technology blog and podcast, podcast 363: Scalars Publishing has a course for UEB, Perky duck gets a demo and we talk a little IOS

Hello all,

Its been at least three months, but I finally found a reason to do a technology podcast. Don’t have the RSS feed? Here is the RSS feed.

Here is the 96.04mb file for those who need to download it directly.

With this said, I present the show notes with links. Duxbury says that we must link to their main page directly. We are not allowed to link to their Perky Duck page.

---

On this episode, >Scalars Publishing has an educational book for learning UEB. They have other books as well, but we talk about the educational book today. How did I find out? Through a student who has asked for some help. Perky Duck from Duxbury Systems is discussed and demoed, and we also have some IOS news for those who don’t know. This news is in regards to voices that some may know of, but some may not as we have sighted listeners that may not know. I hope to have another podcast soon!

Thanks so much for listening, and I’ll be back real soon!

Comments (0)

Older Posts »

go to sections menu

---