go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary

Go to Homepage [0], contents or to navigation menu



Microsoft ficxes patch, broke VPN services

This probably doesn’t happen too much, but i ran across a story on Ars Technica while looking for something else we’ll be covering.

The article is titled Microsoft fixes Patch Tuesday bug that broke VPN in Windows 10 and 11 which is a good thing. Its an out-of-band patch which you should at least know about if you’re interested.

I hope that this finds you well.

Comments (0)

Sans News Bites, January 18, 2022

This is the web link for Sans News Bites for January 18, 2022. The newsletter has thoughts on the recent arrests of REvil members and other stuff that might be of interest to you.

The top story is the one that interested me, but I agree that this isn’t enough. We know that Russia is probably up to no good, yet they arrested their own after careful cooperation plans that included us not metaling in the Ucrain problems I heard about in yesterday’s room on clubhouse.

What do you guys think about this or any other aspect of the newsletter?

Comments (0)

Windows Update: Wormable flaw on the loose, Other software too

Hello folks,

A little late, I’ve got Krebs on Security’s article on Windows Update. My computer last week called for a reboot, so I did it.

There are several CVE numbers given within the article.

‘Wormable’ Flaw Leads January 2022 Patch Tuesday is the article.

We’ve got already over 21,000 CVE’s and we’re in the middle of the month of January,, approaching the end. This necessarily can’t be good, but at the same time it is, as more bugs are getting fixed.

Hidden in This Week in Security News – January 14, 2022 from last week, Trend Micro also has a blog entry talking about Windows Update but I don’t see it in my feed. They do have other news in here that may be of interest, so take a look and see what interests you.

Comments (0)

IOS 15.2.1 now out, no fixes for blind users

Hello folks,

Last night, I was notified of an update to IOS to 15.2.1. Apple Vis does have a small write up. One of the bugs fixed was dealing with messages and photos not loading via Icloud. The second talks about third party car play applications not responding to input.

The blog post talks about how to update IOS to the latest release.

I hope that this information is of value to you!

Comments (0)

Webinar: Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse

Knowb4 is hosting a Webinar titled Nuclear Ransomware 3.0: We Thought It Was Bad and Then It Got Even Worse which will be on Wednesday, January 19th at 2 PM ET, 11 am PT. The webinar is an hour, and this is going to get interesting.

As part of the segment I’ve recorded for this week’s Throwback Saturday Night I mentioned the subject line and mentioned that I had not read the email.

Well, I did, and this is a webinar and it looks like its going to get interesting.

  • Host: Roger Grimes
  • What you’ll learn:
  • How ransomware is evolving beyond double extortion, what’s coming next
  • Proven best practice defenses that you need to follow to avoid becoming a victim
  • How to empower your users to be the best, last line of defense when everything else fails
  • Register for the event through this link
  • This means that the Security box will happen after the event is over, so I’ll schedule it between 12 and 12:30 PM US PT, 3 and 3:30 ET, and 2 and 2:30 CT.

    I hope you can join me, as I hope we can learn a lot. Thanks so much for reading!

    Comments (0)

    An app developed to get us to bus stops

    One of my buddies sent me this article titled Next Stop on the App Store: Artificial Intelligence Mobile App Helps People With Low Vision Find Bus Stops and I’m sending this to my team at Metro to see what they think.

    I know of a couple of places where it could be benificial to me, one around here where we have multiple bus stops at the same area, and the potentials of multiple buses stopping at the same stop.

    I don’t rely on Google Maps necessarily, but I rely on what vision I have to find benches and then wait near light, or if there is a pole nearby, wait there.

    One driver got someone off because I wasn’t at the official stop when I wrote a report of a passup. I explained how we were trained and they asked whether I had someone to teach me.

    Sadly, I had nobody to teach me, and I do not like getting drivers in trouble even for a passup. It doesn’t make me feel good, as I’m a rider like anyone else. I even was passed up early in the morning, as I was under the light, but they didn’t see me until they were across the street.

    One driver even stopped to pick me up at a stop after they saw me and I was at the bench and near the pole, but I definitely wonder if this app could’ve helped me?

    I’m curious on why I need sighted assistance to set up the app? Transit App, Metro’s official app, didn’t need to be set up by a sighted person for me to utalize its features.

    I’ll see what my people think, but i’m curious on whether you nice people have used this app before or even read the article?

    Get in touch.

    Comments (0)

    5,000 web sites were offline, belonged to school districts, timeline is similar to 2017 for me

    Hello everyoone,

    This articular article was sent to our list today, and reminds us that ransomware is still on the loose.

    Similar to what happened with me indirectly in 2017 Valley College where I had attended free classes was affected then. A Cyberscoop article I blogged about in 2019 talked about this too.

    Then we come to this NCSAM posting I blogged about in 2020 titled NCSAM: Schools are no longer safe, now PII on students are out on the surface and dark Web In that article, I blog about this heavily linking to those articles on top of my own thoughts on what I think we should do.

    While Valley College affected me, these cases that are talked about affect more students than just your college student. I could only imagine what parents are giving the schools now even though Covid is becoming a problem again and distance learning is taking hold once again.

    Now, Michael gives us this tech crunch article: Finalsite ransomware attack forces 5,000 school websites offline. It is similar to my story because it happened right after the beginning of the year, and actors know that during the holiday, this is the time they can pounce on such a target. This particular case is much larger than Valley College for me, and the numerous school attacks I’ve blogged through the years as this story covers 5,000 schools hit at once. This is a bigger deal than Valley, but similar because of the timing.

    Let’s make no mistake about it, any of these stories are bad, and I don’t wish people to go through any of it.

    We’re sadly in a different era now, and my email from knowb4 indicates that we’re now in nuclear ransomware 3.0. I haven’t read the email yet, but saw that this morning.

    I’m not sure now what to think. I hope that we can try to get a grasp on this before it is too late. Read all of these articles, including the latest on the 5,000 schools and what might affect you. Just be aware of it.

    One of the paragraphs I’m only quoting partially says:

    Finalsite spokesperson Morgan Delack told TechCrunch that 5,000 of its total 8,000 global customers — including school districts in Kansas City, Illinois, and Missouri — are affected by the incident.

    One reddit user claimmed that email couldn’t be sent either. Some email may still not be reaching customers (you, the parent or student) as we speak. This is now becomoing a larger problem, one that we are not yet capable of grasping quite yet. Just take a look, and be aware.

    Comments (0)

    Android should be ashamed of itself, fixes bug that disallowed 9-1-1 calls

    I saw this article late the other day, and finally got around to reading it. It is unfortunately sad that Android had this bug where Microsoft Teams of all apps was part of the culprit of disallowing someone from calling 9-1-1.

    The article talks about someone in December who needed 911 because of a situation going on at their home. Luckily, a landline was available and they were able to get the help they needed.

    While I tried the emergency calling button a couple of times, I didn’t really need it. Because I had no speech or no idea what it was doing, they called me back. I just said I was doing something with the phone, but everything was fine.

    In this Android’s case, there was no call made at all. It could’ve been tragic, and Google decided to wait an entire month to fix it, although the 6 is getting delayed due to other technical problems.

    For the full article, Read the ars technica article titled: Google fixes nightmare Android bug that stopped user from calling 911. This can’t be good.

    Comments (0)

    Student data still taken even after legal got involved

    Today’s topic is going to be Advertisers are sucking up student data, even after legal action, researchers say which I read during the Christmas break.

    We take several paragraphs as part of the discussion, and I think this will take podcast 76 in a good direction.

    Since I’m barely getting a chance to blog about this today, I’ll keep this short, and its going to be linked again in our show notes when the podcast is released.

    Feel free to comment and let us know if we can air those comments. I can leave the name or handle out but the general comment can definitely be aired if you wish.

    I hope this finds you well.

    Comments (0)

    T-Mobile, you’re starting to learn, but another security breach greeted you

    T-Mobile has learned a little bit about security but not much. An article I spotted last night and read this morning tells us that this breach was a lot smaller. The information taken could be troublesome, including sim-swapping which was reversed by tthe company, and other info about the telephone line like how many lines the customer has among other things.

    The article is titled T-Mobile welcomed Christmas with its second data breach in less than six months and as I said, was good and bad news for the company.

    The article does say breaches like this happen all the time, especially with sim swapping, but T-Mobile is getting scrutinized because they recently had one of the worst breaches I’ve ever seen in this space.

    If you were affected by this breach, how was your experience with the company on getting things resolved?

    Comments (0)

    Gatekeeper security bypassed again, this isn’t the first time

    I don’t get much in the mac news, but someone on my email list sent this over and its several months old. It comes from the Hacker News, and it talks about another bypass of gatekeeper on the Mac.

    While I have some experience on the Mac, my knowledge is very limited. One of the things the article does state is that a PDF can be opened which could bypass gatekeeper and other security mechanisms that the operating system offers. Apple has fixed this in their September Mac update.

    Want to read more? Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security is its title, and I hope that Mac users will find this of value.

    Comments (0)

    Did Lastpass get hacked or targeted?

    Hello folks,

    I’ve been seeing tweets of a potential hacking attempt over at lastpass. Lastpass is just like any companym, and I decided to go over to see if they had any news on what was going on.

    The good news is that no user data as far as they can tell was ever accessed, but credential stuffing was definitely the cause on some accounts.

    The article is titled Unusual Attempted Login Activity: How LastPass Protects You which you should read.

    The article is detailed on what they found, the fact they monitor for such things, and advise users not to use their master password for anything else. They believe that the attempts were as a result of prior breaches elsewhere, where actors are trying to try email address and password pairs to take over lastpass accounts.

    The article also talks about the password recovery process in case users need to utalize it and the fact you still need to use a browser you last logged in successfully to regain access to your account.

    If you use Lastpass like I do, than you should read this one. I found this article very valuable. Thanks for reading!

    Comments (0)

    Shutterfly appears to have been the next victim in the ransomware is back game

    Hello folks,

    It looks as though Shutterfly was affected by Ransomware, according to a Cyberscoop article titled Photography site Shutterfly is dealing with a ransomware attack. From this article, we can learn that credit card data is not affected, but as security experts have said, keep an eye on things, especially if you pay for the service.

    They engaged third-party services to help with the incident, which was first reported by Bleeping Computer and linked within the article.

    The company would not indicate to the press whether they were talking to the actors to negotiate a ransomware payment.

    If you guessed that the Conti gang was responsible for this, the Cyberscoop article says that it is. It gives a history of what this gang has done in the past.

    According to the final paragraph, it says:

    The ransomware attack did not impact Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites, according to the company.

    I’d say that this is what we know so far, and you should be vigilent and watch your credit or debit card for suspicious activity, especially if you have used Shutterfly services.

    Read the article for complete details, and make it a great day!

    Comments (0)

    Here’s a timeline of some NSO news … Some we knew … Others we didn’t

    Hello folks,

    As I said earlier, I’m catching up on some news that I haven’t read, and soon we’ll cover stuff I’ve read that never saw the light of day on podcasts or the blog.

    This time, it looks like we’ve got a timneline of whats going on here at NSO, and of course, it doesn’t look good.

    The secret Uganda deal that has brought NSO to the brink of collapse is the article title and it definitely seems to be worth the read, seeing how the story of the downgrade was made on the money borrowed was discussed, the company defaulting on loans borrowed in 2019, and other things that have been covered as well.

    From what the article says, the NSO group now wants to turn Pegasus in to a defensive operation to please the United States, but i wonder if that is past time now.

    Only time will tell.

    Here are several paragraphs which start the narative of what seems to be a full timeline.

    In February 2019, an Israeli woman sat across from the son of Uganda’s president, and made an audacious pitch—would he want to secretly hack any phone in the world?

    Lt. General Muhoozi Kainerugaba, in charge of his father’s security and a long-whispered successor to Yoweri Museveni, was keen, said two people familiar with the sales pitch.

    After all, the woman, who had ties to Israeli intelligence, was pitching him Pegasus, a piece of spyware so powerful that Middle East dictators and autocratic regimes had been paying tens of millions for it for years.

    But for NSO, the Israeli company that created Pegasus, this dalliance into east Africa would prove to be the moment it crossed a red line, infuriating US diplomats and triggering a chain of events that would see it blacklisted by the commerce department, pursued by Apple, and driven to the verge of defaulting on its loans, according to interviews with US and Israeli officials, industry insiders and NSO employees.

    A few months after the initial approach, NSO’s chief executive, Shalev Hulio, landed in Uganda to seal the deal, according to two people familiar with NSO’s east Africa business. Hulio, who flew the world with the permission of the Israeli government to sell Pegasus, liked to demonstrate in real time how it could hack a brand new, boxed, iPhone.

    The eventual business was small for NSO. A person familiar with the transaction said it brought in between $10 million and $20 million, a fraction of the $243 million that Moody’s estimated the privately owned NSO made in revenues in 2020.

    But about two years after the sales pitch, someone deployed Pegasus to try to hack the phones of 11 American diplomats and employees of the US embassy in Uganda, according to two US officials, who spoke after notifications were sent out by Apple when the iPhone maker discovered and closed a flaw in its operating system in November.

    This is only the beginning of a much longer story worth reading. Have fun with this one!As I said, some of this we knew, some we didn’t. You be the judge.

    Comments (0)

    Samsung has good phones, but what about their app store?

    Just looking at the Security Box Email list, and saw an article about Samsung’s app store. If this is true, Samsung should be ashamed of itself.

    Michael, the poster who sent this Phone Arena article, indicated on our network that these phones get updates and recommended them. But he never talked about the app store.

    I am not sure why, maybe he didn’t know about it, or decided that since it isn’t one of his main phones, he just doesn’t do much with the phone as it is.

    Regardless, this week is blogging week, and I feel that this article should be blogged. Its titled Samsung’s app store is home to potentially harmful apps and should be read.

    The article talks about apps that are found in this store and what their behavior is. Its unfortunate that app stores are now having these types of problems, especially if the apps look to be just fine by reading descriptions and the like.

    If you use the Samsung app store, what do you do to make sure that you’re not getting bit by apps that are exfiltrating data and asking for more permissions than they need? The boards and comment lines await you.

    Comments (0)

    Sans News Bites, December 28, 2021

    Hello everyone, welcome to blogging here on the blog. We’re going to start the blog posts with Sans News Bites. In the December 28th edition, we find some news in regards to Log4J, other breaches in the health care industry and more.

    Here is the Web page version of the newsletter that was sent on the 28th.

    I hope that this finds you well.

    Comments (0)

    More Log4J news read during the holiday

    During the Holiday break, I have been doing some reading and found some articles I want to talk about. Two of the three in this post were sent to the Security Box Email list, the third was more for people who need to know what to look for to try and protect servers and things from this ordeal and to offer steps on what you can take.

    Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

    This is probably not a surprise. We read as part of podcast 74 that delbt with Log4J that cars may have an impact, but we really don’t know to what extent.

    What we do know is that we now see that at least for now, a proof of concept may be possible.

    Here is the opening paragraph. It says:

    Evidence of attacks using the Log4j vulnerability was also shown in a test that triggered a bug on a Tesla car. For this case, the source does not provide much information on where it was actually executed. Nevertheless, this means that the exploitation of the vulnerability could still have an impact on the user’s privacy and the general security of the car because a back-end compromise could allow attackers to push actions to the car and serve malicious firmware over-the-air (FOTA) updates.

    As we know, the invent of the smartphone can give us a lot of convenience, like checking our email on the go, looking up sports, watching sports or movies, and even playing games. According to this article, it can also replace the keys that you would put in your pocket for the electric cars. This would in turn, make the car a perfect target as you don’t have to have your key around while you operate it.

    Here are other paragraphs that might be of interest in this discussion.

    Beyond the three devices or properties in modern cars discussed in this article, there are still many more to test and monitor for Log4j vulnerabilities. Among them are servers’ responses to tests and plenty of other vectors that could allow attackers to use the access afforded by applications to send commands that can unlock a car, control the heating, and perform other functions that can be abused by malicious actors.

    Nobody has thought about that paragraph before, have they? Yes, you don’t need a lot of gas usage now, and it saves you money, but what about the ways it could be abused like what was discussed in a Security Now episode where someone took a car for a rental and how he still had access? There’s more we’re quoting as part of this too.

    Up to now, organizations and security experts are still grappling with the full extent of the Log4j vulnerabilities. It is likely that more reports looking into the effects of these vulnerabilities in specific services, devices, or applications will be released in the coming weeks. On the other hand, cybercriminals are also making the most of this time to catch potential victims, including those who are still exposed via unpatched Log4j vulnerabilities, off guard.

    The main fix for the vulnerabilities is to update Log4j to version 2.17.0. This version removes the message lookup feature, which provides a way to add values to Log4j’s configuration, entirely. However, in most cases, such as RISE-V2G, using an up-to-date version of Log4j could break applications.

    This is unfortunate, and that’s why we continue to see hospitals being burned, because they can’t update operating systemns and software because it’ll break stuff. Don’t know how to get around that one, I’m afraid.

    There’s more including some commands that could be envoked for when things need to get done.

    The Log4j story, and how it has impacted our customers

    This article was very insiteful even though I’m not a Trend customer. They describe what happened happened. There’s definitely more because they’re doing research in to what is really going on and this is only one of two articles that could tell the story.

    What to Do About Log4j

    This article I didn’t send to the TSB list because its more for people who need to be aware of what to do to mitigate the vulnerability. Its meant for those who have log4j running within their environment and I want people to have this because its being blogged. You should definitely take a look at this if you’re affected by this vulnerability.

    I don’t remember which article, but some articles may talk about multiple CVE 2021 numbers as part of the problem. Be safe, get the latest if you can, and keep reading so you can make your environments as safe as possible.

    Comments (0)

    U.S. Cert releases mitigating Log4J advice

    Hello everyone.

    Mitigating Log4Shell and Other Log4j-Related Vulnerabilities was sent on December 22nd and it talks and links to information on what comnpanies can do to do their part on making sure they’re protected.

    Perusing articles as I am known to do as of late tells me that Cyberscoop wrote an article titled: CISA, Five Eyes issue guidance meant to slow Log4Shell attacks which should be read too.

    They both have information that you should probably read, and even as this is written on the 24th and posted after Christmas, we’re still in the Log4J (Log4Shell) and a couple of more days posting to the blog isn’t necessarily going to hurt anyone.

    If you need to have this information, please heed its warnings, as this is only the beginning.

    The JRN hopes that you have had a merry Christmas, and we hope the new year will bring us some good news too.

    Comments (0)

    There’s a Fake Christmas Eve termination troublemaker out there, better read this one

    Hello folks,

    My goal wasn’t necessarily to blog till after the Christmas holiday, except, I saw that a post of mine got some traction on Linked in where this Cyberscoop article was posted. The article is titled Fake Christmas Eve termination notices used as phishing lures and it is something that needs immediate posting.

    A phishing campaign using a well-known malware families is employing a pair of particularly devious methods to trick targets into opening an infected file: fake employee termination notices and phony omicron-variant exposure warnings.

    The particular campaign is our good friend Dridex, which has been around since 2014.

    The suspicious email told the target that their employment would cease as of Dec. 24, and that the decision was not reversible. An attached password-protected Excel file promised additional details.

    As per usual, the file asks you to click continue to run a macro which will infect your machine. According to the article, it says:

    Dridex is a trojan dating back to 2014 that typically spreads through email phishing campaigns and is associated with credential theft. It’s been used to steal more than $100 million from financial institutions and banks spread across 40 countries, according to the U.S. Treasury Department.

    It further hones my point that it has been around for many years.
    Bleeping computer reported this on the 22nd, and if it isn’t sending the phony termination letters to potential people, it is full of ratial things that the researchers have found. That paragraph of the article says:

    A reply to TheAnalyst’s tweet containing the phony termination notice noted that in some versions of the email, the “Merry X-Mas” pop-up substituted racial slurs instead of the word “Employees.”

    There are two more paragraphs which I’m going to quote. one talks about the ratial things that I mentioned above.

    The racist messaging with this particular Dridex effort dates back a couple months, TheAnalyst told CyberScoop Thursday. A phishing email sent to targets around Black Friday, for instance, referenced killing “black protesters,” with a license. “If you find this message inappropriate or offensive, do not hesitate to click complaint button in the attached document and we will never contact you again,” the message read.

    The hackers also infuse racist email addresses into the malware payloads, TheAnalyst said, as an effort to troll researchers. Targets of the campaigns don’t see this part of the campaign, but researchers who seek out, examine and expose phishing campaigns do.

    Besides that, some people may get a message about someone in the company getting infected with the latest Covid-19 varient, and what they need to do to learn more is to open the attached file.

    It is of course, a passworded file.

    Please make sure you know where you are getting for files. For example, the JRN will always tell you what files are being sent, and will indicate the format if possible. If you don’t see any information about what you’re getting and you see its from any of my team that may represent me, you can contact me by phone, or through a trusted address you have on file or through my contact form.

    Please be safe! We don’t want you to get infected and have more problems than you already have. Thanks so much for listening, reading and participating!

    Comments (0)

    The Security box, podcast 75: 2022 predictions, what do you think?

    This is the last podcast of the year, unless something breaks we need to cover in audio.

    This week, you’ll get a discussion and even some holiday music for the Christmas Holiday this weekend.

    Please find the show notes for the program below the ruler, and I’ll be back with articles of interest after the Christmas holiday. Thanks so much for reading and participating as we navigate the Security landscape together.


    Welcome to the Security Box, podcast 75. On this edition of the podcast, come with me as we do a little predicting for 2022 with a Trend Micro article titled Pushing Forward: Key Takeaways From Trend Micro’s Security Predictions for 2022. We’ll also have thoughts on recent news read, and its been decided that the full news notes segment will be no more in favor of topics that need discussion. This doesn’t mean that we won’t cover news, but we’ll cover it a little differently.

    Topic

    Comments (0)

    Older Posts »

    go to sections menu


    navigation menu

    go to sections menu