The Technology blog and podcast

This is for the technology blog and podcast: commentary, articles, and podcasts

I love good news, Kansas man indicted in connection with 2019 hack at water utility

I love covering articles like this, especially when charges are filed.

A U.S. grand jury has indicted a 22-year-old man for allegedly hacking the computer system of a rural water utility in Kansas and shutting down processes that affect procedures for cleaning and disinfecting water.

Angela Naegele, a customer service specialist at the water utility who answered the phone Thursday, said the 2019 incident had no impact on customers’ drinking water. The utility continuously monitors its water quality and safety, Naegele added.

The indictment did not specify whether Travnichek allegedly circumvented any security controls in his alleged break-in. Prosecutors cited the Safe Drinking Water Act, a 1974 law that mandates contamination-free standards for U.S. water systems, in bringing the charges.

There’s definitely more here including:

Travnichek’s indictment comes two months after another high profile digital intrusion into a water treatment facility near Tampa, Florida. In that incident, an unidentified hacker used a remote software program to breach the facility’s computer system, and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, according to local authorities. A plant operator noticed and reversed the change.

This is critical infrastructure we’re dealing with, and people like this guy just don’t care. I’m glad he’s been picked up and charged.

For complete details: Kansas man indicted in connection with 2019 hack at water utility is what you need to read, and enjoy.

Ransomware gangs not going away? Ransomware and their gangs now have something else up their sleeves

Ransomware isn’t going anywhere. In fact, it’s been reported in podcasts that the actors are now emailing or even calling their victim’s customers to force the customers to call the victim to have them pay. If I remember correctly from reports I’ve heard, it hasn’t worked so well, or even if the customer calls the company and the company pays, it’s not the end of it in regards to possible problems.

Krebs on Security covers this quite well, and I think it’s worth passing along to my readers as well.

According to Brian’s article, he gives a letter that was sent to a customer of a business.

This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site.

“Good day! If you received this letter, you are a customer, buyer, partner or employee of [victim],” the missive reads. “The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data.”

“We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us,” the message concludes. “Call or write to this store and ask to protect your privacy!!!!”

To make things worse, the company that was hit this time came back and said that they were part of a third-party breach, and as we know, those can’t be good.

In response to questions from KrebsOnSecurity, RaceTrac said it was recently impacted by a security incident affecting one of its third-party service providers, Accellion Inc.

We talked about Accellion and their FTP client on a recent Security Box, which this blog and podcast seems to be going that way. Don’t worry, I still need to get a tech podcast out, although now I don’t remember what I wanted to do with it. I digress.

The University of California was one of several universities that had been hit with Clop’s ransomware, and I’m sure that this isn’t going to be the last we hear from this gang.

There are lots of links and lots more, so Ransom Gangs Emailing Victim Customers for Leverage is the article, go and check it out. Enjoy!

Rogue Employees can be part of the breach problem … hope these two employees got fired

According to an article I read from the Verge, rogue employees can be part of the breach problem. The article was written on April 7th, and was found on my Twitter feed.

The article is entitled California man indicted for stealing Shopify customer data and talks about a man by the name of Tassilo Heinrich, who paid Shopify employees to get him data on customers, which he then sold to two people outside the United States. According to the article, this breach affected fewer than 200 merchants and it was because of employee abuse. A linked article said that one of the merchants involved was Kylie Jenner’s makeup company Kylie Cosmetics.

For full information on this one, please read the article. Glad in this case it was bad employees, and not a full blown breach. As a side note, these employees gave access to Google Drive via links, as well as giving images as well.

According to the article, Mr. Heinrich is charged with identity theft and conspiracy to commit wire fraud; his two co-conspirators, based in Portugal and the Philippines, were not charged.

Looks like Facebook is now paying for an old breach

According to several articles out there, Facebook is now paying for their apparent mistake that allowed people to get access to phone numbers. While they fixed the vulnerability, hackers have now made the data from the 533 million breach, which includes 32 million in the United States alone, publicly available.

Apparently, this breach occurred in 2019, and a Telegram bot could accept a couple of bucks to have access to the data.

Now, you know where this is going, right? The actors can now call you or do anything they want with your phone number, so be aware of what is happening now.

Cyberscoop is one who has details on this latest Facebook ordeal, so go read it. 533 million Facebook users’ personal data leaked online is the article.

With status you may get malware named after you

Krebs On Security has been around for many years now, and recently celebrated a birthday in December. With the aging of the domain and the excellent writing comes the potential of your name and likeness to come in to light in malware.

In an article titled No, I Did Not Hack Your MS Exchange Server, Brian Krebs talks about a domain called KrebOnSecurity_top, which is not a safe web site to go to.

I put the underline in place of the dot, instead of putting brackets, which is common to show unsafe URLs when writing about them.

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.

David Watson, who is a longtime member of the Shadowserver Foundation, was quoted within this article. It says:

David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server’s emails).

According to this article, the new place the attackers are utilizing is quite different than anything Shadowserver has ever seen. There are at least 367 web shell access points, according to the article.

There’s tons more to read, including what the krebsonsecurity.exe file does and the IP mentioned within the article.

No, I Did Not Hack Your MS Exchange Server is the article that you should read, and thanks for reading!

Krebs on security covers Woodland Hills, California: but this company … isn’t all that great

I’ve lived in Woodland Hills, California for all of my life. When going through Krebs on Security and coming across an article talking about it was quite interesting except for the shadiness of at least one character who has been trying to make business work for him.

The article is entitled RedTorch Formed from Ashes of Norse Corp. and talks about a couple of people who haven’t found their business instincts yet. Since there are a lot of links to various things including a link to Woodland Hills via Wikipedia, you might just want to read it.

The main heading of the article asks the question: who is RedTorch? To read it, and about the characters who need to figure it out before our LAPD does, click on over and read it.

Here’s some of what I’ve read of late

While I’d love to put everything in news notes that I’ve read, I’ve realized that instead of throwing it away, I’d put it up here like I used to do.

I may cover some of these in future articles, I know I’m going to at least cover one which kind of hits home for me just a little bit. My goal was to blog everything in news notes, but I’m finding it a little bit difficult, so I think this is going to be good unless I am able to do it. I started to, but then it became a little much.

Maybe this will be a great compromise.

This week in security news, news ending March 26, 2021

There’s always something good to look at in News Notes from Trend Micro. One of the things that might be of interest is that a Swiss security firm may have access to servers that were used for the biggest breach in 2020 to date, the SolarWinds hack.

Instead of me talking about what I think you might want to read, I’ll just link to the article This Week in Security News – March 26, 2021 for all of the details. I hope you’ll find something of interest to read.

This week in Security news, news ending March 26, 2021

I’m going to try and keep up now, at least on the security front and Trend Micro’s news. Lots to see here. One of the things that may be of value is that a Swiss firm may have a line on a server that was used for the SolarWinds breach that happened in December 2020, and was long lived as this was well orchestrated and a good job it was at that. Hackers are going around infecting developers of Apple, websites that host cracks are now spreading malware, Purple Fox is back, and much much more.

If you click through to read the post from Trend Micro, what did you think? I look forward to hearing from you.

This Week in Security News – March 26, 2021 is the article and I hope you find something that is of interest for you to read.

Firefox 87 has just been installed here

Hello folks,

Just running Firefox as I wanted to do something and it popped up a notice that installed Firefox 87. There are some accessibility changes as well as security changes.

One of the things they highlight is that they now work with the Mac’s VoiceOver program. I don’t know if it works with iOS, I have not tried. Be that as it may, I think this is important for those who want a choice in browser.

My limited use of the Mac (2017) indicated that I could use Safari and Chrome and both seemed to work. Now you can add a third browser if you’re using the Mac.

To read all of the release notes from Mozilla, head on over to this link to read them and let me know what interested you in these notes.

Thanks so much for reading, and make it a great day!

How would you choose the best password manager for you? LastPass has some ideas

LastPass always has some great articles that I find that could be covered. As the work from home option remains in effect, it’s now more important for you to choose something that works for you.

There are specific questions the article asks which need to be thought of. It covers things like how many devices are used, the type of devices that are used, how many passwords and other types of information may be stored, whether you’re concerned about potential data breaches, and who you need to share your information with.

When getting the best out of your password manager, LastPass talks about their various tiers of service and asks if the password manager you decide to choose provides what they’re highlighting.

I think this article is important, and we’ll definitely be talking about this on the Box this week. I feel that this is of importance.

If you use a password manager, what do you use and why? If you don’t, what is holding you back?

119k Threats Per Minute Detected in 2020

I talked about this article last week, and I’ve finally gotten a chance to read it. It’s definitely worth the read, and I want to blog it here for people to see. Wow.

Trend Micro found and blocked more than 62.6 billion cyber-threats last year

Source: 119k Threats Per Minute Detected in 2020

Hims announces new note taker

I saw this briefly either on Thursday or Friday when looking for something specific on Blind Bargains, but I didn’t get a chance to read it till now. Hims looks like they’ve been busy with a 32-cell version of their note taker. It succeeds the Polaris, and this model looks like it’s got some awesome stuff.

Want to learn more? Breaking: Hims Announces BrailleSense 6 Notetaker at #CSUNATC21 was written by JJ over at Blind Bargains, so check it out if it interests you.

Samsung fixes critical Android bugs in March 2021 updates

This week Samsung has started rolling out Android’s March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.

Source: Samsung fixes critical Android bugs in March 2021 updates

If you use Android and are supported by Samsung, time to update. Besides that, Windows has their share of updates but that’ll be coming in a blog post later today. Michael talks about the Samsung phones being good for their update, and above is a blurb from Bleeping Computer and a link to read the full article.

Vulnerability summary for the week of March 1, 2021

This is the link to the March 1st vulnerability summary, and there is yet another 10 at the bottom of the high section. Several Google Android listings in this one. If you find something that affects you, take note of it.

Vulnerability summary for the week of February 22, 2021

I’m finally getting around to looking at the vulnerability summary for February 22, 2021, which was received on March 1st. There is one item that is a 10, which is the highest CVSS score you can get. Several other names may be familiar to some, including Adobe, but the 10 is the last one in the list that I saw. You might want to peruse the list and determine if something affects you.

iOS and watchOS have updates

Hi all,

I was perusing AppleVis on my telephone last night, and they had a post about iOS and watchOS updates which cover security things. For full information, please read their post and I hope that this information is of value to you all.

This week in Security news, news ending February 26, 2021

I know I’m quite behind in doing a lot of reading, but I happened to come across this digested read dealing with some news in the security field, and I thought it was time to go through and see what’s going on.

Apparently, Facebook, Twitter and other visual apps that the sighted use are vulnerable to problems, but now so are audio apps, including the newly popular app called Clubhouse. Several blind people I know or know of have it, and one recently sent me an invite which I never received. Be that as it may, I’d be interested to read this one, and I see it in the Trend Micro archives that I need to read.

Over 10,000 users were recently hit in a FedEx lure where people who get this type of email can get bitten with whatever the actor decides to throw at them. Always know if you’re receiving a package. These lures are back!

We’ve talked about double extortion before on several episodes of the Security Box, but have we talked about Nefilim? It doesn’t sound familiar, but Trend Micro has the lowdown on this one.

Sit down, don’t listen to anything else, turn everything off, because I’m going to tell you something that even I was shocked when I read this. The headline linked says that there were 119,000 threats per minute. Think about this. According to the blurb under the headline:

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. That averages out 119,000 cyber-threats per minute. Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.

Is this something to sneeze at? This article wasn’t written by Trend Micro, so I’m going to have to read this one.

There are 4 different hacking groups according to an article that are hitting critical infrastructure and these are apparently new ones.

According to another article, Android users now have a way to check on the security of their passwords. Android hasn’t seemed too keen on security, but now we learn they have something? I know LastPass can already do this browser extension wise and I’m sure there are other password managers that can do this.

There are 6700 VMware servers exposed to a new bug, according to the news. This can’t be good.

Find something in the blog post by Mr. Clay you want to discuss? Let’s hear from you! This Week in Security News – Feb, 26, 2021 is the article, let the comments flow in!

Here’s some LastPass news about other authenticating options for a better secure account

I was recently reading my news, and came across something from LastPass that is of interest. Apparently, they are now allowing a second factor of authentication to be added in case of your loss of phone or other issues that might make them use it.

LastPass now provides the flexibility to authenticate into the LastPass vault and configured single sign-on (SSO) applications with SMS passcode, voice call or YubiKey.

LastPass delivers both personal and business customers with the flexibility to authenticate into the LastPass vault using any cell phone or landline via voice call and SMS passcode authentication. For LastPass customers who are not able to consistently use the Authenticator mobile applications, voice call and SMS passcodes will now allow them to add secondary authentication on top of their LastPass vaults to ensure their credentials remain secure.

In addition, LastPass is also releasing voice call, SMS passcodes, and YubiKey support for business customers accessing single sign-on applications configured in LastPass. This provides additional options for LastPass users who may not want to use a hardware token to authenticate into their cloud applications.

There is a section for home and for other users too. It seems as though you can choose between what you want to use within your account, but on reviewing the article, I’m unclear on whether you select voice call for example and it disables the authenticator which I don’t necessarily want to do. If I were having trouble, and I couldn’t use the authenticator, then it could revert to voice or SMS, but it seems that I’m totally unclear on this, so just read the article: LastPass Now Offers the Flexibility to Authenticate Into the Vault & Single Sign-On Applications With SMS Passcode, Voice Call or YubiKey for all of the details that I have.

WeTransfer has now joined the services that can be and has now been abused for Phishing Lures

I guess we can add WeTransfer, the newest file transfer program that I was made aware of, to the list of services that criminals are using to get their wares out.

https://we.tl/t-ZR52D6sDAm is a link to the last available technology podcast which was number 359 of that series. I had been meaning to record, but other things came up and of course the Security Box came up.

According to a recent article, there is a different type of link that the actors are using to get their wares out.

According to the legitimate WeTransfer email, the sender matches what you’d get from WeTransfer. The subject line has the email address sent you files using WeTransfer.

The legitimate file transfer will explain what the file is by giving you the description of the file like you’ll see through the clickable link.

The link in this article will not be linked but it is: hxxps://wetransfer[.]com/downloads/52d55eeb42591d9ebbffe5326326858320210218183005/8b80cbbd9c1b8f7695b8de69e995ebee20210218183005/8c0cd5?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email and is a lot longer than the URL that is linked above.

The download button is on the web page of WeTransfer’s legitimate links, not on the link like you see here.

The other two domains used are box.com and Google Documents, just to add insult to injury. According to box.com, they’re a collaboration tool, and of course we know well about Google Documents, which has been used for things like this for many years.

ZLoader was known for being a banking trojan, but it seems now to be picking up where other malware families got dropped.

Want to learn more? Surge in ZLoader Attacks Observed is the article. It is written by PhishLabs’ Jessica Ellis. Do read the article, it is definitely worth the read and thanks for listening and reading!

P.S. The link to podcast 359 linked here expires in one week.
