
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: August 2022


The Security box, podcast 108: What Happened to all of these proxy services from another podcast?

This podcast had a few hiccups, but we must move on. The big topic was covered and everyone was heard, which is how that was supposed to go.

Hopefully next week will be much better.

Here are the notations with links to items, and we’ll be in touch.

download the 138.60mb file if you don’t have RSS.

On podcast 103 of the Security box, we talked about some proxy services that could have been deemed bad proxies.

Now, in another two-part section, we learn that all of these proxies are now down. What happened to these proxies?

Both of these articles are by Krebs on Security and both were very interesting to read.

Besides this, we’re going to cover the news, we’ll see what people have decided to bring up, and we’ll see what else we can find for this program. Hope you will enjoy the show, and thanks for listening!

Comments (0)

QR Code scams

This is going to be hard for us to follow or protect ourselves as disabled people, but this is something of importance that we should be aware of.

Watch out! These QR code scams are tough to spot is the article from komando.com and please check it out if you use these.

Comments (0)

Think you won millions? Think again

So, the scams continue and this time, the question of whether you have won millions is here. Did you buy a ticket from the lottery? Play some other game that made it possible to win money? Great. That’s awesome, but what if you didn’t?

Email and even letters in the mail, says Komando.com, claim that you’ve won millions. If you receive an email, they’ll want you to respond by this method right away. The bad thing, they’ll ask for personal information including bank account, name, SSN and other info that they might want.

The article gives a page where you can report such a scam if you’ve fallen for it or not, so be on the lookout.

Would you like to read more? Sorry, you aren’t inheriting millions – It’s a scam and stay safe! Share this article and make it a great day!

Comments (0)

Don’t know how to spot a Phishing email?

If you don’t know how to spot a Phishing email, Phishlabs has an article with some tips. The title is: Top 10 Ways To Recognize a Phishing Email and maybe this should be shared too.

The item that is number 1 in this list is SUSPICIOUS LINKS. I’ve been getting so much spam for example claiming that I’ve won gift cards and money from all kinds of businesses. The email addresses are definitely a clue, but when I look at the links, they’re something else.

Second on this list is improper spelling or grammar. Nowadays, actors in my opinion are getting better, but as we’ve illustrated in this email about the Geek Squad, we’ve shown you that this has several issues including improper grammar when it comes to financial terms, as well as other flags that we’ve continuously talked about in the past.

The third item is SUSPICIOUS ATTACHMENTS. I am not personally seeing much in the way of attachments, just tons of links. But they may still do this because they want to bypass filtering.

There are seven more, so Top 10 Ways To Recognize a Phishing Email is the article and I urge everyone to go and read it.

Something might jump at you that you never thought of. I hope that people share this, because it needs to be shared. Let’s start sharing the good stuff here.

Comments (0)

Links changes

Hey folks,

Just a note that I have made some changes to links. I had two copies of the Security Box Email list, so I changed one of them to link to the JRN’s donations page, which you can use to donate to the network. I know I have a button placed I think on the about us page, but I figure, a link to our donations page would be nice since I’ve recently updated it with other links to pay by credit card.

Don’t worry, I found that Paypal has changed their button page and now allows easier access to pay by credit/debit card through them without having an account. They even have a switch to have you not sign up for an account too. So, everyone wins!

I’ve also added the Phishlabs blog, and now that I have RSS to it again, they’re definitely something I should be promoting. Keep up the great work guys, and we’ll see you guys later.

More blogging later.

Comments (0)

The Threat Trends and Intelligence Report is now out

Hey folks,

I attended the threat trends and intelligence report webinar, and the verdict is in.

First, spam and other malware are taking advantage of the top level domain .com now. Other country codes are still used but fell sharply.

The other big news out of this is that social media is up. Brand impersonation and other threats dealing with social media are up.

An article by Phishlabs breaks this down, and it’s titled Response-Based Email Threats Targeting Corporate Inboxes Are The Highest Since 2020, According To HelpSystems’ Latest Agari And PhishLabs Report and I urge people to go ahead and read it.

It’s something we all need to keep in mind. Thanks for reading and make it a great day!

Comments (0)

What happened to our proxy services?

There were two very interesting articles we’ll be talking about this week on TSB. The question is, where did the proxy services all go?

Two of the biggest ones around that we did talk about on a prior podcast seem to have been shut down, while the rest can’t handle the volumes of traffic and IP requirements that cyber actors want.

We’ll be talking about the following two Krebs on Security articles during our live taping of the show.

Let me know if you have found these articles of interest, because both articles tell the story of how these things worked so well and how they apparently got shut down.

There were some quotes we took out of these articles, but I think that both of them should be read in full as they link to other stuff too.

Let the comments begin!

Comments (0)

Apple now starting to feel the malware sign

In iPhone malware: Check your phone for these 7 apps we are starting to see the signs that iOS may now be starting the trend that Android has seen for quite a while.

I’ve always said that iOS is not any different than Android, and we should keep tabs on things of this nature.

Here are the apps listed.

  1. PDF Reader for Adobe PDF Files
  2. Word Writer Pro
  3. Screen Recorder
  4. Webcam Expert
  5. Streaming Browser Video Player
  6. PDF Editor for Adobe Files
  7. PDF Reader

These apps may by now be removed from the app store, says Komando.com’s article, but they don’t get removed from your phone by default. You’ll have to remove them if you have these apps.

Stay safe!

Comments (0)

    Robotexts are the next thing for scammers

    While Robocalls won’t completely dissipate, there’s a new wave coming, that’s called Robotexts.

    Our good buddy Brian Krebs wrote up an article that talks about this problem. It’s titled Why robotexts are scammers’ favorite new tool and I found it quite interesting.

    The first paragraph states:

    If you’ve recently received a text claiming to have a delivery update for a package you never ordered or providing an urgent security alert for a bank you don’t belong to, you’re not alone.

    I’ve seen some of these, but knock on wood, I’ve not in a little bit. Watch, once I get this published, I’ll be inundated with them.

    So far in 2022, the Federal Communications Commission has received more than 8,500 complaints about “unwanted text messages,” according to a consumer alert released last month.

    That number is on track to surpass the number of complaints in 2021, which included 15,300 messages. But according to industry data, the number is likely just a small sliver of the problem. Spam-blocking app RoboKiller estimated that consumers received more than 12 billion robotexts in June alone.

    There’s plenty more but these paragraphs are only the highlight. Let’s see what we can do.

    Comments (0)

    It’s time to update Windows, a serious flaw is out there

    It’s time to update Windows. Of course Kim Komando and Brian Krebs have the details in two articles.

    Both article listings talk about the critical update and the designated CVE numbers. One article may have other details on other things, so check out both for complete details.

    It may take time for Windows to give you your updates, but Komando’s article gives steps on how to update Windows if you don’t want to wait.

    Comments (0)

    The Security Box, podcast 107: Fileless Malware, what is it, how can it get on the computer and what does this Gootkit loader have to do with it?

    Hello everyone! Welcome to the Security box, podcast 107. On this program, what is going on with one of the biggest threats out there, fileless malware. In short, this uses the registry to infect the machine and SSL like techniques to hide its traffic.

    We’ve recently put the file on the RSS feed and we’ll be providing the 156.84mb file for people to download if they need to use it.

    We also covered quite a bit of the news that we’ve covered on the list and blog, and don’t forget to subscribe to our Security Box list and help shape future podcast topics by commenting on the things sent out.

    Without any further ado, let us go ahead and get the show notes which include links out for topics and thanks so much for listening!

    Welcome to program 107 of the Security box series. On this edition, we’re going to talk about something not too many people know about. These are called Gootkit loaders and they can be very dangerous. These can contain something called fileless malware which makes detecting them harder. Trend Micro has talked about fileless malware before, and you can put in fileless malware plus adding trend micro to find postings covering this topic.

    The article we’re going to cover on podcast 107 is titled Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike and it does come from Trend Micro.

    I hope that you enjoy this discussion, because it can affect you if you don’t know the signs of what to look for as it can come in many forms including email.

    Besides this, we’ll see what people in clubhouse or the list want to talk about, and we’ll go through news and other things posted as well.

    Thanks for listening and make it a great day!

    Comments (0)

    Komando.com has tips on taking a break from facebook, what do you think?

    Hey folks,

    Facebook can be addicting, according to some, but I don’t find it addicting at all. Why? Because some years ago, I just quit going over there. Sure, every once in a while I’ll approve people that I get requests from and look at profiles to make sure it doesn’t look like Spam, and I’ll look at the news feed, but it’s very rare for me.

    I never, to be honest, found Facebook enjoyable. I did used to post blogs over there, like my playlist of my shows, but I don’t know why it isn’t working that way.

    I never posted my life story out there, and rarely found anything interesting to comment on.

    Facebook to me is worthless. I mean, I have a linkedin account and I used to go over there and look at things and try to comment on things of interest, but that also got boring to me too.

    With that said, deleting your account may work, but one thing this article didn’t cover is the fact that actors may have your picture, so they can in theory use it to create a new account and start posting stuff about you whether it’s true or not. They could in theory find your friends and get them to give money because they said you’re somewhere and need help. They’d believe it because they used your photo.

    Suspending your account may work, and the article titled How to take a break from Facebook may help you if you feel you must take that break.

    They link to related facebook settings to change as well for privacy, unless Facebook changed them back.

    I think that’s why I just gave up on Facebook, because they just change stuff and don’t tell us.

    I’ve talked about me posting to a group and how I tried to post an open letter to a developer of a game I play on the Amazon device. I posted it to the group. I also had several forced password changes even though I’ve got two-factor and I rarely use the service.

    Sure, I checked out Facebook dating, just to see what it’s like, but I got curious about it.

    Feel free to check out the article and see if it fits your situation. Each person is going to be different, so keep that in mind too.

    Comments (1)

    Are License Plate readers a problem? Komando.com thinks so if in the wrong hands

    I am scouring my email and found License plate scanners are coming to more cities – Here’s what info they can collect in the wrong hands which might be of interest to our sighted counterparts with cars.

    While there isn’t anything we can do about license plate readers, the fact that it is becoming more available to people like you and me could be alarming.

    I’m not about to say that I’d go and buy one, as I have no need for it, although it would be kind of cool to find the people who speed down my street where I live and maybe help the police out by letting them know if I were to do it.

    Police use these to track stolen cars and wanted people, but the article has much more that you, the sighted should take a look at.

    Thanks gang for reading, make it a great day!

    Comments (1)

    With Q2 threat trends and intelligence report coming, Emotet is back and better than ever

    Hello all,

    On August 16, 2022 Phishlabs will be holding a Webinar talking about the Q2 threat trends and Intelligence Report.

    While I can’t find the blog posting right now, you can search it out and I’m sure you’ll find it.

    Phishlabs however does have an article talking about a few things about the Q2 report, but I’m very interested in what they have to say. The article they published is Emotet Tops Payload Attack Volume in Q2 and I was kind of surprised.

    We know that Emotet was one of the leaders of problematic pieces of software, but now we’ve also got to deal with something called Bumblebee.

    While our friend QBot contributed to 42.83 percent of payload attacks, Emotet topped the list at 47.44 percent. This is even after they rebuilt their infrastructure last year after they were taken down by law enforcement agencies last year.

    Bumblebee is quite new and this article talks about it.

    I also saw an email from the Phishlabs team that said that Vishing is up over 600 percent.

    Stay tuned, I’ll talk more about all of this after the webinar, and maybe they’ll have a blog post on this afterward too.

    Did you read the phishlabs blog article and what did you think?

    Comments (0)

    Giving unqualified people Cyber Security Oversight?

    So, I read this water sanitation article dealing with giving these people oversight on the Cybersecurity of the water industry?

    The article is titled Giving water sanitation inspectors cybersecurity oversight is a mistake, say industry groups, experts and it comes from Cyberscoop.

    A White House announcement that the Environmental Protection Agency will delegate cybersecurity regulation for state water utilities through local sanitation inspections is receiving a growing amount of pushback from industry groups and cybersecurity experts.

    I’ll say this, if the people are qualified to do the job, then why not? But from what the article states, the inspectors do visual inspections, and Cybersecurity for the most part is not done that way.

    There are a lot of links within this article, so quoting this is going to be difficult and so I won’t. Tell me what you think.

    Comments (1)

    Here is more on the apparent recent twitter breach

    Hello folks, welcome to more information on the supposed recent Twitter breach that has been on the radar in this industry.

    This time, the article comes from Cyberscoop and is titled Twitter breach exposes anonymous accounts to nation state hackers which was written several days ago.

    According to the first paragraph, it states:

    Twitter confirmed Friday that a bad actor used a vulnerability to match private information with potentially anonymous Twitter accounts, posing risks to users privacy.

    They said the impact was global, but went on to say that no passwords were compromised.

    It stems from a January breach and fix which recently came to life, and it supposedly affects 5.4 million of us, and that could mean multiple accounts correct?

    Twitter said it would be notifying account holders who were affected by this breach.

    The article goes on to talk about how they were notified of the sale of such data and that is a link within the article.

    They are still unable to confirm the full impact of this breach.

    “We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” Twitter said in a blog.

    If you feel you’re in danger, Twitter urges you not to publish phone numbers or email addresses tied to you. Read the full article for more.

    Comments (0)

    Saying one word can make your bank accounts or other financial accounts at risk

    So I’m looking at email and saw a Kim Komando newsletter with the title and article The one word you should never say to a telemarketer or scam caller and I found it interesting.

    I believe I’ve talked about voice recognition software in the past when I ran across it with a service I once used, but I haven’t seen it much. This recognition software would ask you to record a phrase and when calling back, would ask if it was you that said it.

    So if you read this article, the answer to the one word you shouldn’t say is answering the question of whether you can be heard. If you say “yes” that can lead to possible trouble, says the article.

    Also, in the article, they talk about an app called True Caller which is available for Android and IOS. I don’t know anything about it, but I get tons of calls and they say not to answer your phone if you don’t recognize the number or it looks strange.

    With the fact that these guys can spoof a company phone number, maybe it’s time just not to answer incoming calls at all, unless the call number is on your contacts. Then again, that can be spoofed too. I really don’t have a great solution to this ongoing problem.

    Have any thoughts? Sound off in the comments. The boards await you.

    Comments (0)

    More cars getting recalled

    Have a car? Better read komando.com’s Car recall warning: Ford, Jeep, Toyota, Nissan, and BMW models affected for all of the details.

    This affects numerous types of cars, from some of the big names in cars.

    Better check this out if you are affected.

    Comments (0)

    Hackers want Google accounts. Give yours this security check now!

    I spotted this while on a call, and I’ll let the block speak for itself. I read it and it’s Kim writing this one.

    With your Google account credentials, a scammer can do a lot of damage. Protect yours in about 30 seconds with this simple step.

    Source: Hackers want Google accounts. Give yours this security check now!

    Comments (0)

    Komando has a duck duck go update, better privacy controls are on the way

    In this blog post from May we talked about the fact that Duck Duck Go may have had a misstep. It turns out, my thinking process was correct, as now, Komando staff is publishing an article that talks about what the search company is now doing.

    As it turns out, they entered in to an agreement with the search company and are rolling out the same technology that blocks the other trackers to work against blocking Microsoft.

    There’s other things including a link to the posting that is talked about. I forget the gentleman’s name, but it’s there too.

    The article is titled Sick of Google’s tracking? DuckDuckGo just added all these privacy features and maybe it’ll put people’s minds at ease.

    I figured that it was an honest mistake, but we never know. Have you used the search engine and what did you think?

    Thanks for listening, reading and commenting if you chose to comment. Your input is valuable!

    Comments (0)
