The Technology blog and podcast
Commentary, articles, and podcasts
The biggest blog posts for the month of January
I didn’t do this earlier, although I put these in the show notes for the first podcast in February.
Here are the biggest blog posts I diatribed about that we thought were good.
Found something else? Let us know.
- Breach forums maintainer gets time served, never spent time in jail, lots of restrictions placed on him
- 16.6 million people affected, no info on what was taken
- TA866 is back to sending out email
- New sets of data, including have I been pwned data out in the wild
- There are three domains that I wouldn’t buy
- two emails claiming the same thing, identical in wording
- Lastpass to make account updates
- The worst of the worst, the worst breaches of 2023 from Tech Crunch
- Here’s more news on 23andMe that may not have been known before
- This seems contradictory, don’t use long passwords, use unique complex passwords
- What’s going on with the perils of password misuse?
- A sim-swapping ring targeted $400m in stolen funds
Thanks so much for reading, make it a great day!
The True cost of ransomware
Let’s just break this article down to the parts you need to see. Ellipses mean that parts of the quoted content are being skipped.
There are many considerations to have in mind when choosing whether to pay or not pay a ransom to cyberattackers. The latest report by Cybereason reveals that only one in two victims who paid up got their data back uncorrupted, and four out of five were then breached again.
The actual cost of a ransomware attack to a business includes much more than the ransom itself.
After surveying 1,008 IT professionals who all had to deal with breaches at least once in the previous two years, researchers found that 84% chose to pay the ransom, averaging from $423,000 in the UK to $1.4 million in the US.
…
“A staggering 78% were attacked again after paying the ransom – 82% of them within a year. Payment doesn’t equal any future protection!” the Annual Global Study on Ransomware Business Impact by Cybereason reads. “And 63% of these were asked to pay more the second time.”
Every third (36%) consecutive attack was carried out by the same threat actor.
…
Security professionals estimate that in 46% of ransomware cases, business losses amounted to $1-10 million, and 16% estimate losses over $10 million.
“It’s no guarantee that your data and systems will be returned uncorrupted, that attackers won’t sell your data on the black market, or that you won’t be attacked again. And if there’s any evidence that your payment was used to fund terrorism or organized crime, you could find yourself facing criminal charges,” said Greg Day, Global Field CISO, VP at Cybereason.
The report also shows that 41% of bad actors got in via the supply chain, 24% got in directly, and 22% got in with an insider’s help.
Several paragraphs, whether short or long, were skipped. What I showed you were the numbers from the article. To get links and other material from the article, read the full article titled The true cost of ransomware: 78% saw attackers coming back for more | Cybernews if this interests you.
Have fun with this one!
God is always watching
Hi all.
I decided to post an update here because I haven’t been active for ages.
If you read my personal blog at smeveriss.wordpress.com you may have noticed updates weekly as my life goes on.
For those that have not kept as updated as you should or wonder where I am, this is the rundown.
Firstly, I am an uncle to at least 1 little guy and another is appearing mid year so woohoo for me.
As you can imagine, a day has been set aside and it’s just been changed so instead of Monday it’s Friday except this one.
This has meant I haven’t been able to go out as much though I do walk, and hang out with people.
Computer wise, I have been watching articles with interest though due to various things I don’t read as much; in fact I try not to interact as much as I used to.
This is why I am still viewing Twitter or X and not really pushing myself further out there.
My eyes are and will continue to be dictators of my life; if the light ain’t the right shade of pink or it’s really bright or the weather ain’t right then there are issues.
I never know where these will be so I try to keep my interactions to night and early morning if I can.
For the last week or so the house has been a major construction site due to upgrading of some older systems including the water, drains, fences and the like.
So I currently am working and living in the middle of a construction zone.
There are trenches to jump, bits and bobs all over the place, and all sorts of things.
I need people to help me out and in past the dangerous holes in the ground.
It’s almost done and certainly with the ability we have designing everything is quite nice, though it’s my dad that does most of that stuff.
Between these I haven’t done much bar read a little SF and NSFW stuff, played a few games and such.
I have also gone on holiday to various places; one of these was our local art deco festival.
The region it’s in was one of those devastated by a cyclone that hit last year and is still reeling from it.
I have several holidays left, one local and one in Fiji.
On all of these I will not be taking electronics so I can forget about the online world.
The world hasn’t become that utopian place to live; in fact it’s almost dystopian at times.
Half of us seem to be wanting to punch the others’ lights out and here we are not alone in that regard at times.
The biggest news is that one of our channels is shutting down due to Warner Bros. Discovery, who run it, having issues with funding and stuff for the last 5 months.
Rebranding and adjustment go on but it seems all the independent channels are going offline.
And while there are other content sources it is a little concerning that the only true news is government controlled.
That’s not a big issue though the government has not been as stable as it should be with a lot of factions and fighting about so it’s a bit of a minefield.
While not as bad as eastern regions it’s nevertheless a concern.
Updates continue to happen: codecguide continues to release updates just about every other day, Windows just released an out of band update, which had me having to remove the Dev Home app from the background.
Then Windows installed the Bing service which is just another bit of Microsoft we don’t need.
Luckily it can be uninstalled and its search extension can be removed from Chrome.
All I did was view a Microsoft site for history of stuff.
It’s on the cusp of getting into autumn and I have only just got used to the heat.
The sun was a bit bright yesterday which was no good for eyes or skin but I protected myself and enjoyed it.
And with that, a chainsaw is threatening my eardrums.
Time to log off, and change locations.
Rhysida wants 3.4 million dollars after attacking childrens hospital
Hello folks,
We have an update now on the Chicago children’s hospital, which has been down for a good majority of the month because of a cyber attack.
The following was boosted by Brian Krebs.
BrianKrebs: Boosting Lesley Carhart (hacks4pancakes): I do ransomware response for really critical infrastructure – like electric power, water, transit systems, manufacturing, oil for a living. I have to be mostly emotionally detached, even when lives are at risk – that’s triage.
Sometimes, when nobody gets hurt I even raise an eyebrow or raise a glass at a new tactic. But let’s make one thing clear:
If you ransom a children’s cancer hospital, you are irredeemable scum. You know exactly what you’re doing, and you chose to potentially delay or disrupt treatment for suffering little kids.
https://therecord.media/lurie-childrens-hospital-chicago-ransomware-rhysida?&web_view=true
The article is titled: Ransomware gang seeks $3.4 million after attacking children’s hospital.
A ransomware gang is seeking $3.4 million after attacking a children’s hospital in Chicago, forcing staff to resort to manual processes to provide care to patients.
The attack on Lurie Children’s Hospital was announced earlier this month, when officials said they had been forced to take their entire network offline due to an unspecified “cybersecurity matter.”
The Rhysida ransomware-as-a-service group — which emerged in May last year, and has previously disrupted 16 hospitals across the U.S. — has now listed Lurie on its darknet extortion site.
We’ve been watching this unfold, and while I’m not surprised, this is beyond repair.
What has the hospital done to you? Do you realize that this hospital is trying to care for children that may or may not make it? I’m not trying to be negative here, but when I read the above boost, I could feel my blood boil. Although this does not surprise me, it took way too long for anyone to find out the truth.
Hospital staff can’t even call anyone, nobody can call in to get any appointments, and this is what you ask for?
The article also states:
According to a statement on Lurie’s website last updated on February 22, work is ongoing to recover the hospital’s systems and the MyChart electronic records system is still down.
So now people need to bring a list of medication, identification cards, and anything else they need every time they are there to get information or the care they need.
I loved the statement made years ago where gangs vowed that they would not attack infrastructure, but then, as expected, went back on their word. This was at the height of Covid. In this blog post talking about a hospital being attacked I said that it was time for actors to find something else to do. This is because we were still learning about Covid, and people couldn’t be tested. The only way in the early days was to go to the hospital. Now, we can do it at home. I did mine at the doctor’s office.
This was something short lived, and while the Pandemic has shifted, actors still go after places that may not even have the funding, let alone the ability to pay anything.
I know this group is still relatively new, but they are brazen, and it seems like if they’re successful, this is the beginning of public coverage for them.
The article continues:
“As a reminder, please bring your printed insurance card to each appointment and also bring your child’s medication bottles or a complete list of their current medications,” states Lurie’s website.
Yeah, bring everything to all your appointments so it could possibly get snatched by someone who may be there, unknown to you, to gather information while the hospital is too busy verifying things that they should already know. You never know these days, do you?
Finally,
Last August, the U.S. Department of Health and Human Services published a warning about the Rhysida group, noting that it appeared to be increasing its attacks targeting the healthcare sector.
That’s nice. I don’t remember when we first covered this group, but it’s time that the hospital decides they will not pay and continues to work diligently to get their stuff back up and running.
Memorials for people you haven’t met
This is the topic of today’s Kim Komando newsletter. I read the newsletter with interest, wondering to myself if this could turn in to something else.
Right now, Kim says that it isn’t necessarily a bad thing; it’s just people in other countries reading obits of people they don’t know to get clicks and likes. People in the countries mentioned only make roughly a couple hundred dollars a year, says the article.
Could it become more? One story within this article talks about a family who had a GoFundMe page put up that wasn’t theirs, and another who had someone take money and leave before they were caught.
What people will do with the grieving these days.
YouTubers are creating memorial videos for people they’ve never met
Starbucks to change their accessibility of their stores
Our Canadian contact, Tim Appleby posted this to Mastodon.
If this works, this will definitely be very interesting in retail.
There’s a lot of things within this article I’d love to talk about, especially the fact they are making it easier for wheelchairs and the people that use them.
I’ll let you read the article. It’s titled New first-of-its-kind Starbucks is focused on accessibility, and thanks for reading!
The Security Box, podcast 181: Phishing Sites impersonating social media
Hello folks,
Welcome to the Security Box, podcast 181. We had our usual suspects, I mean participants, for today’s program. We welcome back Nick, and Terry also showed up. We did miss Preston, but hopefully Preston is OK.
Terry was correct about LockBit, congratulations!
We’ve got news, notes, the landscape and we even go back through last week to let Nick catch up with those highlights.
We even added to the list of diatribes with some of the posts on the blog as of late too.
This podcast is done with the sponsorship of The Jared Rimer Network.
Here is the 169.6mb download of the podcast if you don’t have RSS.
Next week, we’re going to talk about a topic which we posted about already, and the hint is, it’s a new way of getting their wares out without being detected easily.
Here are the show notes for this week’s podcast. Thanks so much for listening and let us know what you think!
Hello everyone, welcome to the Security Box, podcast 181. In Q4 of 2023, Phishlabs is reporting that a record of phishing sites impersonate social media to target victims. Question for the listener, what do you think you should look for when you get communication that talks about social media before you click, tap, double tap or press enter on a keyboard? We’ll have the news and landscape as well as your comments and concerns. We hope you enjoy the show!
News, notes and the landscape
- You have to be kidding me, 1 year later and the DOD is sending out notifications?
- 2.5 million private plane owners breached
- 911 proxy is back, new name: cloud router: still dangerous
- Avast caught collecting lots of info? Selling it to other companies?
There are other smaller news items, but these might be the bigger ones. If yours isn’t on this list, what fancies you? Contact me through jaredrimer.net and let me know. You can also send things to ponder files which can be played as well.
Our Topic: Phishing Sites up and impersonating social media
Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4 comes to us from Phishlabs this week. Let us know what you think good, bad or indifferent.
Supporting the podcast
If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.
Internet Radio affiliates airing our program
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
Vice media group now gone
I have been subscribed to Cyber, a Vice media podcast. Their last, by the looks of it, is a 66 minute diatribe on how the company failed.
While I have not listened to the thing yet, I plan to. I have listened to their podcasts, and they have had some great content.
The article The Vice Media Collapse Was Entirely The Fault Of Incompetent, Fail-Upward Brunchlords goes in to complete detail from someone who worked there.
I respect Joseph Cox; I heard him on Vice on a regular basis before he said he was leaving. Now, he is involved in 404 Media, which is a paid site. Free users can read, but it looks like you can only read so much.
Karl Bode, the author of the piece, has a great article here, and this is why I decided while I can write,
They also talk about other failed companies too.
While I’d love to receive donations, it isn’t about the money for me. It’s about getting out the news and making sure that I do a great job doing it.
While it is slow and painful, I must get better. Spelling the names of these groups, and my spelling in general, must improve. I don’t claim to be perfect, and I know I see things after the fact.
With this said, I know plenty of folk who do a good job in journalism who have left their jobs, including Brian Krebs. It’s just a tough world out there with so many people writing.
Sorry to see Vice and its companies go. I respected motherboard and that group for the reporting they did.
Savvy Seahorse uses facebook for investment scams
Cybernews is reporting that Savvy Seahorse, a group active since at least 2021, is now turning to Facebook to find its investment-scam victims.
The money is being sent to a state-owned bank in a country we all love to hate: Russia.
A newly discovered threat actor called Savvy Seahorse creates fake investment platforms, lures in victims with the help of Facebook, and transfers the ill-gotten deposits to a Russian state-owned bank.
According to Infoblox’s threat intelligence group, which has published a new report on Savvy Seahorse, this Domain Name System (DNS) threat actor creates fake investment platforms where victims can deposit funds and are lured in by spoofing well-known icons such as Tesla, Meta, and Imperial Oil, among others.
What isn’t surprising is this short paragraph which talks about using Facebook advertising.
What’s more, the group uses Facebook ads to convince users to enroll in the fake platforms, and then transfers those deposits to a Russian state-owned bank.
They target all kinds of languages, English being one of them.
The attackers have been targeting Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers. Mysteriously, the campaigns appear to specifically protect potential victims in Ukraine and a few other countries.
I do have to give the group credit in the way that they keep their stuff up and running. Read and learn.
Savvy Seahorse abuses the DNS in an obscure way, Infoblox says. They leverage DNS canonical name (CNAME) records to create a traffic distribution system for sophisticated financial scam campaigns.
As a result, Savvy Seahorse can control who has access to content and can dynamically update the IP addresses of malicious campaigns.
“This technique of using CNAMEs has enabled the threat actor to evade detection by the security industry,” says Infoblox, adding that Savvy Seahorse has been operating since at least August 2021.
The threat actor’s campaigns feature a variety of advanced lure techniques but they all follow a similar pattern, with the end goal of stealing the victim’s personal and financial information for monetary gain.
There’s plenty more about this group and what they’re up to.
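To make the CNAME trick concrete, here is an added example (mine, not Infoblox’s or Cybernews’ code) that shows both sides of it: how one A record at the actor’s end changes the IP behind every lure domain at once, and how a defender can spot the pattern in passive DNS by clustering domains on the registrable domain of their final CNAME target. Every domain name, label and IP address below is constructed; the “last two labels” shortcut for the registrable domain is an assumption noted in the code.

```python
"""
Added example: detecting lure domains that share a CNAME-based traffic
distribution system (TDS), the pattern Infoblox attributes to Savvy Seahorse.
All names, labels and IPs are constructed for illustration.
"""
from collections import defaultdict

# Constructed passive-DNS style observations: (owner name, record type, data).
RECORDS = [
    # Lure domains: each is a CNAME to a campaign label under the actor's TDS zone.
    ("tesla-invest-bonus.example", "CNAME", "c1a9.tds-hub.example."),
    ("meta-stock-offer.example", "CNAME", "c1a9.tds-hub.example."),
    ("oil-dividends-now.example", "CNAME", "c1a9.tds-hub.example."),
    ("crypto-profits-ai.example", "CNAME", "d44f.tds-hub.example."),
    # The actor's zone: campaign labels chain to one edge name holding the A record.
    ("c1a9.tds-hub.example", "CNAME", "edge.tds-hub.example."),
    ("d44f.tds-hub.example", "CNAME", "edge.tds-hub.example."),
    ("edge.tds-hub.example", "A", "203.0.113.10"),
    # Benign controls: a plain A record and a site fronted by a CDN CNAME.
    ("local-bakery.example", "A", "198.51.100.7"),
    ("news-site.example", "CNAME", "cdn.provider.example."),
    ("cdn.provider.example", "A", "198.51.100.20"),
]


def normalize(name):
    """Lower-case and drop the trailing dot so 'A.example.' and 'a.example' match."""
    return name.rstrip(".").lower()


def build_zone(records):
    """Index records by owner name: {name: [(type, data), ...]}."""
    zone = defaultdict(list)
    for name, rtype, rdata in records:
        rtype = rtype.upper()
        zone[normalize(name)].append((rtype, normalize(rdata) if rtype == "CNAME" else rdata))
    return zone


def resolve_chain(zone, name, max_depth=8):
    """Follow CNAMEs from name. Returns (list of CNAME targets, A records at the end).
    Raises ValueError on a loop or an over-long chain, which real resolvers also refuse."""
    chain, seen, cur = [], set(), normalize(name)
    while True:
        if cur in seen:
            raise ValueError("CNAME loop at %s" % cur)
        seen.add(cur)
        rrs = zone.get(cur, [])
        cnames = [d for t, d in rrs if t == "CNAME"]
        if not cnames:
            return chain, [d for t, d in rrs if t == "A"]
        if len(chain) >= max_depth:
            raise ValueError("CNAME chain from %s exceeds %d hops" % (name, max_depth))
        cur = cnames[0]
        chain.append(cur)


def registrable(name):
    """Assumption: the last two labels approximate the registrable domain.
    Use a public-suffix list in production; co.uk-style suffixes break this shortcut."""
    return ".".join(name.split(".")[-2:])


def observed_names(zone):
    """Every owner name that has a CNAME record, i.e. every candidate lure."""
    return sorted(n for n, rrs in zone.items() if any(t == "CNAME" for t, _ in rrs))


def cluster_by_tds(zone, names):
    """Group names by the registrable domain of their final CNAME target.
    Names inside that same domain (the actor's own labels) are not counted as lures."""
    clusters = defaultdict(set)
    for n in names:
        chain, _ = resolve_chain(zone, n)
        if not chain:
            continue
        apex = registrable(chain[-1])
        if registrable(normalize(n)) != apex:
            clusters[apex].add(normalize(n))
    return dict(clusters)


def suspicious_clusters(clusters, min_members=3, allowlist=frozenset()):
    """Flag apexes that front several unrelated brands' domains. Keep an allowlist:
    CDNs and SaaS vendors legitimately sit behind thousands of customer CNAMEs."""
    return {apex: names for apex, names in clusters.items()
            if len(names) >= min_members and apex not in allowlist}


def retarget(zone, name, new_ip):
    """The actor's move: change one A record and every lure follows, with no change
    to the lure domains' own DNS (the dynamic IP update the article describes)."""
    n = normalize(name)
    zone[n] = [(t, d) for t, d in zone[n] if t != "A"] + [("A", new_ip)]


if __name__ == "__main__":
    zone = build_zone(RECORDS)
    clusters = cluster_by_tds(zone, observed_names(zone))
    for apex, names in suspicious_clusters(clusters).items():
        print("TDS apex %s fronts %d lure domains: %s" % (apex, len(names), sorted(names)))
    retarget(zone, "edge.tds-hub.example", "203.0.113.99")
    print("after retarget:", resolve_chain(zone, "tesla-invest-bonus.example"))
```

The clustering is deliberately conservative: a shared final target alone is not evidence, since every site on a CDN shares one, which is why the allowlist exists and why the threshold counts distinct registrable lure domains rather than hostnames. Blocking at the TDS apex (`tds-hub.example` here) rather than at the individual lure domains is what actually costs the actor something, because the lure domains are cheap and the CNAME chain is the part they reuse.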
Want to read more? Threat actor uses Facebook to lure victims, sends cash to Russia is the article. Have fun with this one!
UnitedHealth’s Change Healthcare was BlackCat or ALPHV
This is interesting, the fact that someone took responsibility is a miracle.
The attack, which forced UHG’s health technology giant Change Healthcare to shut its system down on Wednesday, was carried out by the Russian-linked ransomware cartel, according to Reuters, who spoke with two people familiar with the matter on Monday.
We have no further comment.
Cybersecurity experts at Google’s Mandiant have been hired to investigate the breach, the two sources said. Mandiant confirmed in a statement it “has been engaged in support of the incident response” but declined to comment further.
From what we understand there wasn’t a ransom payment made.
“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online,” Optum (a division of UHG) said in its latest update on the Change Healthcare attack Monday evening.
Other prescription services were backed up because of the ordeal.
Meantime, large pharmacy and supermarket chains, including CVS, Walgreens, and Publix, have all confirmed a “significant backlog” of unprocessed prescriptions while frustrated customers shared their experiences on social media.
For full details, please read the article titled UnitedHealth’s Change Healthcare hack blamed on ALPHV/BlackCat and feel free to comment if you wish.
Mr. Cooper hasn’t seemed to learn anything, still vulnerable: here’s the update
This feels to me like Experian and others all over again. When you actually read this article titled Mr. Cooper leak exposes over two million customers you’ll probably need to go do something that won’t be mentioned here.
Mr. Cooper, a major US mortgage company, left an open Google Cloud instance exposing details of millions of its customers only two months after the company suffered a severe data breach.
America’s third-largest mortgage servicer left details of its customers accessible to anyone willing to look, recent research from the Cybernews research team has revealed. Mr. Cooper’s open Google Cloud storage bucket contained a trove of data, including marketing materials and site assets, but more importantly, names, loan numbers, and other data about its customers.
The team discovered the leak in late December 2023, less than two weeks after Mr. Cooper revealed it suffered a significant data breach in October 2023, which exposed the information of 14.6 million of the company’s clients. However, the publicly accessible data discovered by the team does not include data exposed in the October breach, pointing to the incidents being unrelated.
After researchers contacted the company, Mr. Cooper closed the open Google Cloud instance and fixed the issue. We reached out to the company for official comment about the leak yet did not receive a reply before publishing this article.
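The fix described there amounts to taking the public grant off the bucket. As an added example (mine, not Mr. Cooper’s or Cybernews’ code), here is an offline check that reads the JSON a Google Cloud Storage bucket and its IAM policy come back as (from the JSON API, or from `gcloud storage buckets describe` and `gcloud storage buckets get-iam-policy`), reports every way an anonymous reader could list or fetch objects, and produces the corrected policy. The bucket name, group and policy contents are constructed; the role names, the `allUsers` and `allAuthenticatedUsers` principals, and the `publicAccessPrevention` setting are real GCS identifiers.

```python
"""
Added example: auditing a GCS bucket's IAM policy and bucket metadata for public
exposure, entirely offline. Bucket, group and policy are constructed sample input.
"""
import json

# Constructed bucket metadata, shaped like the GCS JSON API's bucket resource.
BUCKET_METADATA = json.loads("""{
  "name": "example-marketing-assets",
  "iamConfiguration": {
    "uniformBucketLevelAccess": {"enabled": true},
    "publicAccessPrevention": "inherited"
  }
}""")

# Constructed IAM policy for that bucket. Two of the three bindings are public.
IAM_POLICY = json.loads("""{
  "etag": "CAE=",
  "bindings": [
    {"role": "roles/storage.admin", "members": ["group:storage-admins@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.legacyBucketReader", "members": ["allAuthenticatedUsers"]}
  ]
}""")

# Either principal makes a binding public: allUsers is the open internet and
# allAuthenticatedUsers is anyone with any Google account, which for an exposure
# check is the same thing.
PUBLIC_PRINCIPALS = frozenset({"allUsers", "allAuthenticatedUsers"})


def public_bindings(policy):
    """Return [(role, principal)] for every public grant in an IAM policy."""
    return [(b["role"], m)
            for b in policy.get("bindings", [])
            for m in b.get("members", [])
            if m in PUBLIC_PRINCIPALS]


def assess(metadata, policy):
    """Findings that explain how an anonymous reader could list or fetch objects."""
    findings = []
    iam_cfg = metadata.get("iamConfiguration", {})
    pap = iam_cfg.get("publicAccessPrevention")
    if pap != "enforced":
        findings.append("publicAccessPrevention is %r; 'enforced' would block public grants" % pap)
    for role, principal in public_bindings(policy):
        findings.append("%s is granted to %s" % (role, principal))
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled"):
        findings.append("uniform bucket-level access is off: per-object ACLs can also grant public reads")
    return findings


def remediate(policy):
    """Copy of the policy with public principals removed; bindings left empty are dropped.
    The etag is kept so writing the policy back is a compare-and-swap, not a blind overwrite."""
    fixed = {"bindings": []}
    for b in policy.get("bindings", []):
        members = [m for m in b.get("members", []) if m not in PUBLIC_PRINCIPALS]
        if members:
            fixed["bindings"].append({"role": b["role"], "members": members})
    if "etag" in policy:
        fixed["etag"] = policy["etag"]
    return fixed


def enforce_public_access_prevention(metadata):
    """Copy of the bucket metadata with publicAccessPrevention turned on, so a future
    public binding is rejected instead of silently exposing the bucket again."""
    patched = json.loads(json.dumps(metadata))
    patched.setdefault("iamConfiguration", {})["publicAccessPrevention"] = "enforced"
    return patched


if __name__ == "__main__":
    for finding in assess(BUCKET_METADATA, IAM_POLICY):
        print("FINDING:", finding)
    fixed_policy = remediate(IAM_POLICY)
    fixed_meta = enforce_public_access_prevention(BUCKET_METADATA)
    print("after fix:", assess(fixed_meta, fixed_policy) or "no findings")
    print(json.dumps(fixed_policy, indent=2))
```

Removing the binding is the immediate fix; setting `publicAccessPrevention` to `enforced` is what keeps the next marketing upload from reopening the bucket, and it is the difference between closing one instance and not being in this article a second time.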
What kind of Mr. Cooper data was leaked?
According to the team, the documents with personal customer data were likely used to track Mr. Cooper’s push to adopt the “Paperless” feature, where customers are sent digital documents instead of printed ones.
The leaked data includes:
But that’s not all. They initially fixed the problem but research found other stuff too.
They also found that other users, not directly doing business with Mr. Cooper, were also affected by this massive breach.
The team discovered two kinds of sensitive files on the open instance: one type containing names and emails and another containing names and phone numbers. Files with names and emails had details on 1.7 million individuals, and files with names and phone numbers had data on 2.7 million individuals.
The leaked data also contained the names and phone numbers of other mortgage brand customers serviced by Mr. Cooper:
- 207,672 United Wholesale Mortgage customers
- 161,761 LakeView customers
- 53,924 Veterans United customers
- 37,384 USAA customers
- 35,794 RightPath Servicing customers
- 12,722 Wintrust Mortgage Customers
- 3,778 Paddio Customers
The links that were found in this open Google database could allow anyone to make some modifications to the account without logging in to the web site or application.
Additionally, some of the leaked details included “enrollment links,” allowing the modification of some account settings without logging in. For example, malicious actors could use the flaw to enable the “Paperless” feature for users’ loans.
This is the first time I’ve heard of this. I hope it is the last I hear of this.
MENVI has an application, after that, everything else is closed. The Mix, the same thing.
According to Mr. Cooper’s website, the company has 4.3 million US customers and is the country’s third-largest mortgage servicer. The company’s revenue for 2022 stood at nearly $3 billion, and the company employed over 8,000 staff.
Better notify everyone, we don’t know how bad this is going to be.
To read the entire article, in case I missed anything in quoting the most important parts, please read the Cybernews article titled Mr. Cooper leak exposes over two million customers | Cybernews.
Yes, this article was written on the 22nd, but I didn’t see it till now. I’ve been in this section of their page and didn’t spot it.
I know of at least one user who will probably need some help after reading this. It won’t surprise me if they get the moron of the podcast this week. This is crazy. Sound off!
User gets charged $104k for a DDoS attack, CEO writes to forgive bill
A person who posted on Reddit about a $104k bill because of a DDoS attack will get the bill forgiven.
The company, which is named in the article, mentioned that this was an unfortunate ordeal where support should have been forthcoming.
Cybernews could not independently determine if the account claiming that the bill was forgiven was the actual CEO, but prior posts indicate such.
This is unfortunate, and I think that the company tried to do their best. A provider that offers free hosting should have some form of knowledge of normal usage versus an attack.
Whether you have a DDoS protection service or not, this provider tried.
DDoS attack led to a $104K bill from hosting provider: “I thought it was a joke” | Cybernews is the article where you can learn more.
So is it LockBit or is it not LockBit? That’s the question
Michael sent this Ars Technica article to TSB’s list titled Ransomware associated with LockBit still spreading 2 days after server takedown written by Dan Goodin.
This one is interesting, as this version of what could be LockBit could in fact be others using it in combination with other things including Cobalt Strike.
I don’t remember if Cobalt Strike was ever installed with LockBit, but from what I’ve read, I don’t think so.
Brian Krebs also wrote about LockBit’s demise and resurrection FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. was written on the 25th, two or three days after the news of the takedown happened.
That article said nothing about this apparent strain of the biggest ransomware that has been known to be out there.
To be fair, I’m no expert, but anything is possible with older versions either leaked or not supported by the official gang.
Brian’s article talked about the original guy who was taunting authorities and even put a 10 million dollar bounty on his own head.
You can read both articles and let me know what you think. Could there be an interesting Ars angle that we should be aware of in regards to the group?
I guess we’ll find out as time goes on.
Loan Depot update: attack in January leads to breach
I saw this through my posting of Databreaches articles to my feed, but I also thought I saw this in an earlier post on Mastodon.
Suffice it to say, I’m here to give everyone a Loan Depot update.
Now we’re learning that the attack that started as a ransomware attack is now a breach, and roughly 17 million people are being notified.
I give Loan Depot credit here. They’re being transparent about things and updating those affected accordingly. This is the best we can ever ask for.
We want this in companies and it doesn’t matter the size.
We knew that the Ransomware attack could have exposed info, but we really didn’t know what. If you read nothing else from this article, you’ll learn a little bit more. Yes, customers and former customers are affected.
LoanDepot suffered a ransomware attack exposing the sensitive data of nearly 17 million individuals including PII data – Now, the company is offering credit monitoring and working to mitigate potential damage.
A major ransomware attack leading to a massive data breach at LoanDepot, a leading mortgage lender, has exposed the personal information of nearly 17 million individuals. In a data breach notification to Maine’s attorney general’s office, the company confirmed that the breach took place on January 3, 2024, and was discovered a day later on January 4.
The Breach:Details surrounding the attack remain limited, but LoanDepot acknowledges unauthorized access to their systems, potentially compromising sensitive customer data. While the specific types of information exposed haven’t been confirmed, the letter sent to the victims of the data breach suggests it could include their full name, address, email address, financial account numbers, social security number, phone number, and date of birth.
Impact on Individuals:
As written then, they took steps to make sure that they could get things working. Then the investigation found what we’re highlighting here. Being transparent is the key.
LoanDepot took immediate action to contain the attack and secure their systems. They launched an investigation in collaboration with cybersecurity experts and notified law enforcement authorities. Additionally, the company has offered one year of complimentary credit monitoring and identity theft protection services to all impacted individuals.
Uncertainties and Concerns:
It would not surprise me if people, especially non-customers, sue the company for negligence, but we’ll have to see over time. The article says:
The LoanDepot data breach is likely to attract scrutiny from regulators and may lead to legal repercussions. The Federal Trade Commission (FTC) is responsible for enforcing data privacy regulations, and they may investigate the incident to determine if LoanDepot followed appropriate data security practices. Further, affected individuals may have legal recourse against LoanDepot for failing to protect their personal information.
For insights into the LoanDepot data breach, we reached out to Javvad Malik, Lead Security Awareness Advocate at KnowBe4 who stated “This breach at LoanDepot is a reminder of the far-reaching consequences of ransomware attacks and it’s concerning to see the scale and sensitivity of the data involved, particularly the inclusion of Social Security numbers, which opens up Pandora’s box of identity theft and financial fraud possibilities.”
Javvad emphasised the importance of employee training within the organisations especially those responsible for data handling. “This incident highlights the critical need for organizations, especially those handling vast amounts of personal information, to invest in strong cybersecurity measures, including threat detection, response strategies, and most importantly, providing employees with timely and relevant security awareness and training.”
KnowBe4 is one of the leaders in Cybersecurity training, and they’re a resource on EMHS. We love the work they do and I’m happy to see Hackread interview them for this story.
To read more, please view Hackread’s complete coverage of this. LoanDepot Ransomware Attack Leads to Data Breach; 17 Million Impacted is the article.
Thanks for being subscribed to the blog! When we find updates, and they’re worth sharing, we do it.
Keep on fighting!
Tangerine telecom says they had a breach, looks at data, decides what they need
While this is not a good thing for this NBN company, the fact that they looked to see what data they need to handle their day-to-day processes is key.
Maybe my podcast is reaching the right people? I know I’ve been harping for a long time about people hanging on to data they really don’t need. Even I questioned certain data I just don’t collect anymore.
The problem this company had was a legacy database which they took offline. The good news is that it was protected, but the credentials somehow got loose by some means which are not clear.
The issue is that we’re finding out about it now, but the incident took place last year. They took steps then to contain the issue, revoke the account, look at processes to determine what data was absolutely necessary to conduct business, and moved forward.
I applaud Tangerine for doing what I’ve been advocating businesses do. Although this was an isolated incident, names, numbers, email addresses were all pilfered from this legacy database.
The number of people affected and notified was 232 thousand.
Tangerine Telecom says customer data of 232,000 affected by ‘cyber incident’ is the article you need to read if you are a customer.
While it is a few days late, I saw it last night on Mastodon.
U-Haul gets owned, unknown number of users affected
Bit Defender is reporting that U-Haul has been breached, and while the information may be separated by payment details, phishing is going to be the key here.
U-Haul is a trucking company that allows you to rent trucks for moving whether it is short distances or long.
U-Haul Tells Customers Their Personal Data Has Been Caught Up in a Breach is the article.
The apparent breach occurred in December of last year. The number of customers affected is unknown.
An update and some thoughts about the toothbrush fiasco
We did cover the fact that the toothbrush fiasco was just a story, one of those things that could possibly happen.
But Kevin has a very interesting take on the whole thing. His post was boosted by a follower.
Steve Mann: Boosting Kevin Beaumont (GossiTheDog): During the whole toothbrush botnet thing, people said ‘yes, the story is fake but it COULD happen’.
Almost every smart toothbrush uses Bluetooth so no, it could not.
Somebody pointed me towards one on Amazon which says it uses wi-fi, so I ordered it and investigated.
The toothbrush only has Bluetooth. The charger uses wi-fi – but has no open TCP or UDP ports. Traffic is outbound only, TLS 1.3.
So no, it was just total nonsense.
While I respect Kevin, I think that at some point, something like that story could come true. And while the news he shares here is great news, we know that devices have been made poorly and could probably do what the false toothbrush story described.
I think that story was a great thought piece, and I called it only because of its operating system being so old that it isn’t used because it isn’t an operating system anymore.
Thanks Kevin for confirming that we do not have anything to worry about in regards to our toothbrushes, even the smart one.
Search tooth brush for other coverage including the first report that started it all. It is something worth reading, even though it was a fictional story.
It could, some day, happen. Maybe not now, but like Big Brother in 1984, it’s a possibility.
Let’s hope it stays a long shot possibility. Like, past our lifetime. I don’t want to write about it.
We expected this, but Lockbit is now back and could become more dangerous
Terry Ring, one of the people who participates here on TSB as well as assisting in the Security Hour on Throwback called this one.
I did state that it is possible that he could be right, and we do know there have been at least two arrests during the takedown.
I’m not necessarily surprised at the fact we’re learning two things.
- They have ongoing wallets of unspent funds
- The funds range somewhere between 110 and 125 million dollars at today’s exchange rate
Unfortunately, this means that they’ve rebuilt servers and infrastructure and I think they’ll be more dangerous now.
While we enjoyed the respite, I think this was monumental. Even though it didn’t last long, we can celebrate the fact that we can work together and disrupt the infrastructure. Even if it is a short time, they were too busy rebuilding instead of bugging people for money. That was a great win for us, and we should smile at this win.
Following the LockBit takedown in Operation Cronos, the National Crime Agency (NCA) in the U.K. with support from blockchain analysis company Chainalysis identified more than 500 cryptocurrency addresses being active.
LockBit’s money
The article continues:
The investigation found that more than 2,200 BTC – more than $110 million at today’s exchange rate, remained unspent when LockBit was disrupted.
A press release from the NCA today notes that “these funds represent a combination of both victim and LockBit payments” and that a significant part of this money represents the 20% fee that affiliates paid to the ransomware developers.
The work that Chainalysis and others do to disrupt and hopefully take down these groups is tremendous. Chainalysis was talked about in one of the books I recently read, search it out on the blog.
As expected, the article indicates that they did not delete data, even after getting paid. I hardly think actors do this; they want it around if they ever choose to go after the company or individual again. It’s precious data to them.
To read more, read the article LockBit ransomware gang has over $110 million in unspent bitcoin coming from Bleeping Computer.
We’ll have to see how bad this is going to get now. Great call, Terry!
This Week on TSB, Social Media leading the way in Q4 in phishing pages
Hello folks,
This week, Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4 is our article and topic.
When putting these notes together, it’s interesting that we have a new ccTLD out there called .tr. While I give suggestions of what to look for, I know that we’ve seen things coming from .online, .top, .shop, .email, .biz and possibly others.
While the generic TLD like .com, .net, .org, being the top three have fallen, they are still being used.
As for shorteners of links, they are in the 2 percentile range, but still out there. I still see them today.
In Q4, phishing sites impersonating your favorite social media site are up a whopping 67 percent QoQ (quarter over quarter), while financial institutions dropped to just under the 20 percentile.
We did quote some of the sections for clarity, but I added my spin where appropriate.
Please feel free to read the complete article so you’re aware of what types of links to look for so you can be more secure.
See you all later!
Will this guy actually get the time mentioned? We’ll see
62 years. This is actually exciting. But will it actually happen? We just don’t know.
Florida man Timothy Burke is facing charges of conspiracy, unauthorized access to protected computers, and violations of the Wiretap Act.
If convicted of the above charges, Burke could face a maximum penalty of 62 years in federal prison.
According to the indictment document by the United States District Court, Burke played many different roles in this conspiracy, including utilizing compromised credentials to gain unauthorized access to protected computer systems.
This article also says:
According to the indictment, Burke organized and exploited a number of electronic items and information while intercepting and disclosing the contents of wire, oral, and/or electronic video communications.
Was this intentional?
Burke intentionally attempted to intercept the contents of wire, oral, and electronic communication “as it was occurring by means of a device, namely a computer.” He also recruited another individual to carry out this crime.
The paragraphs are short, and I could take this apart, but I’ll save my breath for something I spotted on Databreaches and am looking for. But if this holds up, this should be the type of sentence handed to people who hack, not the 5 to 10 years that some stories I’ve seen will give these people.
Florida man could face 62 years in prison for hacking | Cybernews is the article you need to read if you’re interested in this story.