The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

Now, … for a random breach … a psychotherapy center

First of all, any type of doctor, hospital, therapy office or any other kind of health facility is probably the worst place you can have a breach. Time and time again, we’ve seen different places get breached, but this one is one I don’t think I even saw coming. To make matters worse, this happened in 2018 at some point and we’re finding out now. Yahoo’s problems were bad enough at 3 years, yet this isn’t the end of the story.

Cyberscoop’s Joe Warminsky wrote this article and I got to thinking while reading that F-Secure might weigh in. Sure enough, F-Secure’s Mikko Hyppönen did put his two cents’ worth into this article, as I would expect.

He thinks that this breach is the work of more than one person. He may be onto something, seeing how the company wasn’t contacted with a demand for payment until some two years later.

If I were to breach a company like this and exfiltrate their data, I’d be wanting to get the maximum for the data I thought the company could pay. I wouldn’t want to wait some two years after the fact. I’d want to maximize my findings.

It is rare to see blackmail from an attack, says the article. A couple of paragraphs from the article indicate that both customers and employees have been victims.

Vastaamo said customers and employees had “personally been victims of extortion” in the case. Reports say that on Oct. 21 and Oct. 22, the cybercriminals began posting batches of about 100 patient records on the dark web and allowing people to pay about 500 euros to have their information taken down.

The company has opened a crisis hotline for patients to call, with therapists available for free, and says it is working with credit-reporting organizations to protect the personally identifiable information of anyone affected by the breach.

500 euros is roughly $591.07 at the time of writing. It’s chump change for some people, but could be a problem for others, especially when that $591 needs to be paid in bitcoin.

Want good news out of this?

Vastaamo, which operates as a subcontractor for Finland’s national health system, said that as far as it knows, patient data created after November 2018 was not breached.

That is just like the breach at DoorDash, where people who signed up in 2018 and before were targeted, yet anyone who signed up after the targeted 2018 date was never affected. Here is the DoorDash blog post from September 2019. Here is a link to podcast 325 of the tech podcast, where DoorDash is one of the topics.

Want to read more about this bizarre case? Why not go over to Cyberscoop and read Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts, and let the blog comments begin.


A big swath of internet space can be reclaimed

A hopefully good piece of news for reclaiming internet space concerns two companies that are technically not operating companies. According to Krebs on Security, these companies would have large amounts of IP space, and they would be used to spread information that isn’t necessarily the best information. I don’t necessarily want to call it misinformation, since I’ve never seen anything from these companies to my knowledge, but the fact that they aren’t operating is probably a good thing. One is in California, the other in Nevada, according to Krebs.

Want to read more? The Now-Defunct Firms Behind 8chan, QAnon is the article.


Here is some more government news

Hey folks,

I think I want to try and catch up the blog, so I’m going to do a governmental post tonight, and then we should be caught up.

I’m so tired of someone blaming someone, yet nothing is really done. We’ve got two articles of this nature.

First, Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals

China is increasingly tolerant of criminal hackers on its soil if they are willing to hack on behalf of the Chinese government, a senior U.S. Justice Department official has alleged.

If this is the beginning of the article, might I remind you that China was the first to develop what was once known as the “great firewall.” This firewall didn’t let Chinese citizens go to sites like Facebook, Twitter, or even their own versions of social media if they wanted to. We never reined them in for that crap, and I talked about it in earlier blogs and podcasts. I’m sure I can find the podcasts if people want them, but this is enough. What are we as a nation going to do about their recent ordeals? It’s time we step up, not just the United States, but all nations, against what China has done.

Speaking of U.S. people blaming people and accusing people, how about this article? It is entitled US blames Iran for threatening emails sent to Florida voters, and I’ll ask again, what are we doing about this one? To be fair, I’m not sure if Iran has really done anything like this before, so should we be sending them a warning not to do that crap? On top of that, while I did read the article, this type of thing, sending emails pretending to be other entities and the like, continues to happen all the time, so what do we do about that? This isn’t the first time.

I give the FBI a lot of credit in regards to what they have been doing in the cyberspace arena. This article, entitled What the FBI did to make headway against COVID-19 research hackers, talks about how they have been trying to help people by sharing intelligence with other companies so they are better prepared. A lot of what they’re doing is permission based, according to the article. This is quite awesome!

Finally, EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack. It’s about time someone goes after Fancy Bear. This is the first time I’ve heard that they are now being targeted and wanted for something. Fancy Bear has been targeting people with all kinds of stuff.

The European Union on Thursday sanctioned the head of a Russian military intelligence unit, an alleged hacker wanted by the FBI and a Russian government-linked hacking group over a 2015 cyberattack against Germany’s parliament.

We’ll have to see what happens with this one.

There is so much I’ve not read that I want to read, and the fact I didn’t feel well didn’t help matters. I’ll be finding things I want to cover, but this should catch people up. Be well!


MuddyWater is still around, still causing havoc

We’ve not talked about MuddyWater, another named group that is out there causing havoc. In an article by Sean Lyngaas, it’s time we catch up with this group. Seems like they want to go after bunches of stuff, including governmental targets as well as telecommunications.

One of the most prolific cyber-espionage groups linked to Iran has used old tricks — and perhaps a new hacking tool — in dozens of attempts to breach government and telecommunications operators in the Middle East in recent months, security researchers said Wednesday.

“These actors are extremely focused in what they’re doing,” said Vikram Thakur, technical director at Symantec, a division of semiconductor and software maker Broadcom. “They’re not using zero days. They’re just looking for commonly available methods along with their custom malware to get into these environments, exfiltrate whatever they want and then move on.”

These actors have a different agenda, which is good, but they are still as dangerous as shown in the quoted paragraph above. The thing is, we don’t know what they’re going to do next, so all of us in the company space need to be made aware of what this group is going to do.

‘MuddyWater’ spies suspected in attacks against Middle East governments, telecoms is the article from Cyberscoop, and feel free to learn more about what they’re up to and how you might be able to protect yourself.


What has been read, blogged, and talked about in the Security Landscape: October 24, 2020

Welcome to another week here on the blog, and there have been a few interesting things in the security landscape. There may be other articles, but I’ll only cover those in this post that might be of interest. That also includes the phishing aspect, as security can only be a human learning experience based on what we see, correct?

Lots of items in this week’s Security News. It’s packed, from Fancy Bear being on a hacking spree for extortion, a ride on a self-driving bus, Russian officers being caught up in stuff, a hacker selling info on 186 million people and more. This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree is the article.

This is why I would not trust the government in anything security related. While the intentions in their writing are good, it seems as though the Department of Justice (DOJ) can’t seem to understand that encryption is the way forward, not trying to weaken it. An article by Shannon Vavra at Cyberscoop talks about this, and I think it’s worth talking about. This is definitely going to get interesting as the year draws to a close.

Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data: This is a power grab.

The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects who use encryption to hide illegal behavior …

This is only the beginning of what I think we should be talking about. We should be convincing the Department of Justice to quit this and support encryption. We know people will abuse it, but you can’t stop advancements in technology. It just isn’t going to work.

What do you think about when you look up a web hosting service similar to what I offer to people, including the Mix, Internet Radio? Most providers are going to be honest; we’ll offer a level of service that is comparable to one another without stepping on each other’s toes. We can’t all offer the same thing: some providers offer different operating system environments, yet others may offer services and turn the other way to complaints. One particular situation in regards to hosting reminds me of a Colorado provider who was responsible for this, but I can’t find the article that caught my attention on this topic. If you search for bulletproof hosting, you’ll find many different types of articles from around the web.

The latest in this comes this year, when PhishLabs penned an article entitled Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor.

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef.

This is the beginning of a big problem we definitely need to solve. We know that phishing and other activities started with the free domain hosting services like the ones issued by your ISP, or Internet Service Provider. In no way am I saying that all pages hosted through ISP servers are bad, but I am saying that this can be a starting point.

There are other providers in this space which may not offer free services anymore, like Homestead. That is where my first personal page came from, way before I bought the domain I use today. It was free, and easy to use. Free is good, but in today’s space, unless you know where to look, free isn’t going to be around. When you choose a provider, whether it is Homestead, any provider with cPanel web services, or even a provider who may offer a Windows operating system platform, you want to make sure you choose something that will meet your needs, and you can surely enquire about what types of content are allowed by either viewing the site or contacting sales and support. I know I can’t get into the illegal game, or my account can be flagged, and that is how all hosting providers should be. No provider should allow the types of things we’ve seen through the years, from phishing pages to hosting ransomware and fake pages purporting to be from well-known companies. That should be the next thing we tackle, and how do you, dear reader, think we should do this?

What bothers me about this type of thing is the fact that you can have shell companies. Here is something else this article has to say.

Planetary Reef’s infrastructure includes a large number of domains registered through a variety of well-known registrars. Each domain has a substantial assortment of subdomains that they use to point to different phishing sites hosted on their IP space. In order to quickly set up these phishing sites and effectively manage their inventory of domains, the group is utilizing dynamic DNS services.

There are various behaviors that indicate Planetary Reef is acting as a bulletproof hosting provider. These types of hosts allow customers considerable leniency in the types of illicit material they upload and distribute, and are favored among malicious actors. They have sold hosting services to another actor targeting large social media platforms. They also have connections to known groups offering phishing-for-hire services. Additionally, we have observed threats using Planetary Reef’s infrastructure targeting various brands and properties in ways that suggest distinct actors pursuing their own ends.

The most prominent hosts run by Planetary Reef are Planet Hosting and CNF-HOST.

More information about each is given, and I think this is definitely worth talking about. What do you all think?

Looks like TrickBot has been having some big-time problems. Trick Bot is really not tricked, it got disrupted and they’re trying to rebuild is an article I wrote after seeing an article talking about how this botnet has been crippled. This is definitely a good sign, and I hope that we can start taking other botnet services down. If it isn’t us in the States, I think it’ll eventually happen with another country. Let’s go!

There’s more in the governmental aspect that may be appropriate for this blog post, but I’ll cover them separately. I appreciate everyone checking out the blog and podcasts, and we’ll be sure to have more stuff coming soon. Thanks for reading!


Thunderbird 78 is now out

This Thunderbird page talks about the latest changes in version 78 of the program. Just by sending some email I needed to send, I found we can now use comma addressing like we did way back in the day. This is what it looks like.

The sample here shows two addresses separated by a comma, and the program will send to each individual address separately.

There are also other changes that were made to the dialogs for accounts, and much more. I hope that you find this post of value, and visit the Thunderbird page to get your copy. Enjoy the changes!


Trick Bot is really not tricked, it got disrupted and they’re trying to rebuild

Well, it’s time to try and catch up with some of the news I’ve read, and I think I want to start this post with TrickBot. We’ve covered TrickBot on the blog quite a lot, including a recent article about its potential disruption, which was more of a disruption than a takedown. Tim Starks at Cyberscoop is reporting that this botnet is really suffering now, and they’re trying to rebuild instead of trying to attack.

This is probably good news; maybe a lot of spam will be slowed down because of this botnet’s troubles, but then again, as for spam coming through contact forms, that’ll happen no matter what.

After some initial doubts, Tuesday brought encouraging signs that a multi-front attempt to dismantle the massive TrickBot botnet in advance of Election Day has taken root, perhaps thanks to an extra push.

This is how the article starts, and it has linked material for people to follow.

I don’t honestly remember whether it was Cyberscoop or Krebs on Security that broke this particular news about the botnet, but I think this is a promising sign.

TrickBot really is on the run after Microsoft, Cyber Command disruption is the article if you wish to read more. I hope this is a sign for operators of these things to take notice that, at least here in the U.S., we’re starting to figure out where these things are hosted, and we’ll try to cause havoc, since you are doing things that should be punishable by law.

As discussed in our own Security Podcast 15, we can’t do it alone as citizens, even though that podcast covered personal info, what people are doing and what is found online. The botnets aren’t helping either, because they latch on to the machine and we don’t know it unless the machine is slowed down.

Did you read the article? Feel free to comment on this one.


Legal scraping, what is it?

I found this post on Internet Cases interesting and had been holding on to it, as I wanted to talk about it. Problem is, I don’t know exactly how to cover this. After much thought, I think the expertise of Evan Brown should come into play, as I’m going to post the article What are the legal issues around web scraping? and let you all read it.

We know that bots look at web sites to gather data for search engines, and that is done automatically through those search engine bots. I’ve thought about how to present this, and I’m at a loss as to how to do it, but it is definitely worth the read.


What has been read, blogged, and talked about: News ending October 17, 2020

Welcome to what I’ve read and things of interest in the security landscape through October 17th, 2020. I’ve started feeling better, and so I think it’s time to try and catch this thing up and try to get back to some form of blogging. I’ve been fighting something, and you’ll recognize that through last week’s Security Box. Let’s get started!

Seems as though researchers, who are usually pretty good at reporting bugs for the common good, are confused about Apple and their payouts through their bug bounty program. In an article by Cyberscoop, 5 researchers came forward and they eventually got their payout. Researchers’ experience with Apple offers peek at ‘confusing’ vulnerability award process is the article.

Our regular companies, whether tech companies or other industries, are not the only ones that outsource their work. According to a Krebs on Security piece, ransomware gangs are just as successful at this as everyone else.

This article talks about how the ransomware works, who may be responsible depending on what the intention is, and the full infection process. We know nobody by name, but we learn the process of who could be doing what. Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work is the article.

Lots of things in this last week in Security News from Trend Micro: cybercriminals use prizes like stolen data in poker games, VirusTotal and Trend Micro’s ELF hash team up, Emotet uses fake Windows update lures, a breach at Barnes & Noble, and Carnival Corporation and ransomware mix it up.

Of course, some of these I’ve not read and some I’ve skipped, and there may be more I didn’t highlight which you can click through and see if you find them interesting. This Week in Security News: Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles and VirusTotal Now Supports Trend Micro ELF Hash is the article.

Speaking of breaches, Krebs on Security has a breach notification that might be of interest. I know who this place is, and it is another food joint. Breach at Dickey’s BBQ Smokes 3M Cards is the article.

While This Week in Security covers the Windows update, my blog post links to two blogs where you can get info in regards to the updates. I’ve since rebooted since that article posting.

Found something you want covered I missed? Please write and send it over. See you all later!


Time to get your Windows update on: October 2020 edition

Well, for the first time in several months, at least six, we have fewer than 100 patches affecting Windows. I know of at least one person who was receiving updates and needed a reboot.

This patch set fixes some TCP/IP and RDP bugs. TCP/IP is the protocol stack that carries internet packets; RDP is the Remote Desktop Protocol.

Please feel free to check out the articles and apply what you need or what is given to you. Stay safe!


Yahoo! Groups to close on December 15, 2020

I can’t believe this news, although some of us have used this and Topica for years. Topica closed their free service with no email to us free users, and now they brand themselves as one of the paid options for mail delivery.

Now I can dispose of my email lists page, since those lists were the ones I was trying to promote for subscribers to join.

Yahoo! has this post on their help pages, and Shaun and I will be talking about our experiences with these services on a future edition of the technology podcast.

We’re sad that these services have gone, but the sad fact is that companies need to make money. Providing a free service is nice, but between the abuse through the years and the decline the announcement I read had mentioned, it may not be that effective anymore. Topica didn’t let us list owners know, and they monitored that list.

Now, to go to work on that page, I suppose.

Have you used the service? Want to send me a file with your experiences with either service? You can use Dropbox, Google Drive, SendSpace, your own web server, or even my SendSpace dropbox, and I’ll have it played. You can go into as much or as little detail as you wish.

If you put contact info, make sure it’s something you want to be given out, and if you want to be identified, put in the name you want to be used if you use a name other than your own. You don’t even have to put any contact info or name if you don’t want to; the choice is yours.

The page has a question-and-answer format, which pops out and is accessible.

Thanks for reading, and make it a great day.


Windows Update is now a problem

In this blog post from early September, I talk about Windows Defender being able to download files through a specific command. A little over a month later, Shaun Everiss sends me Windows Update can be used in a bad way to execute malicious programs, which in turn links to a Bleeping Computer article. Now what?


What has been read, blogged, and talked about the last week, news ending October 9, 2020

Quite a bit has been blogged about and even read this week, so let’s get started.

Let’s begin with the News Notes for the week provided by Trend Micro.

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals secure their assets and survive in the business in a new Trend Micro report. Also, read about how cybercriminals are tapping into Amazon’s Prime Day with phishing and malicious websites that are fraudulently using the Amazon brand.

Some of these items I may not have read as of press time, but they may interest you. I think the biggest thing, if you read nothing else, is the piece dealing with French companies being attacked by the infamous BEC, or Business Email Compromise, attack. Are you surprised that Prime Day on Amazon had more phishing and fraud attacks?

For the full blog post, see This Week in Security News: A Look Inside the Bulletproof Hosting Business and Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks.

I’ve been pondering this since I read it on the 5th, and I might as well post about it even though it is near the end of the month. We’ve talked on the technology blog and podcast about TrickBot, and boy does it have new tricks, and it has had new tricks for quite a while. In this blog post from Krebs on Security, we learn that it had, at least at that time, the luxury of being hobbled.

At the time of the article’s writing, Krebs on Security wrote:

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

I wonder how successful this has been. I wonder if we are getting closer to finding out who is responsible for this bot and can bring them to justice. Attacks Aimed at Disrupting the Trickbot Botnet is the article.

Back near the end of September, and on the first podcast of October, I mentioned briefly a new multi-stage attack going on. While it is almost a month since I’ve read this, I know that this really should be brought out.

Royal Ripper’s attack begins with a lure that impersonates either a government agency, telecommunications company, or online payments service via text. In the example below, the initial SMS lure poses as a tax return notice from HM Revenue and Customs.

There are images with this one, and as with all PhishLabs stuff, they really do a great job. https://info.phishlabs.com/blog/royal-ripper-multi-stage-phishing-attack-adapts-to-victim-input is the article, and one I’d recommend you look at.

In a recent post, I blogged about an article where video game hackers were taken down. It’s about time we get some good news for a change, and I know we can use it after the long year of nothing but bad news. Video Game Havkers getting picked up is the article, although it should say hackers. It’s all good.

NCSAM is not even close to being done. I penned an article talking about passwords recently. It also linked to an article from LastPass where passwordless authentication is talked about. It’s hard to implement, but the majority would love to see this come into practice. Let’s talk a little bit about passwords is the blog post where I talk about passwords, the linked article and my thoughts.

In the ongoing saga of John Bernard, I pen a blog post asking if he’s done for now. In the next installment, we learn what he’s really like, although a company hopes he’ll come through on his promise even if his web site is closed. Is John Bernard done for? I hope this is the end links to the next article in this series. You be the judge!

There are two articles from the beginning of October that I don’t know were mentioned in News Notes, and they’re worth it. Phishing won’t stop, just because of the election talks about the election and mentions an article that talks about phishing in this landscape. This is definitely of interest because voting must be done by mail this year. The second is the title piece What’s going on with the Phishing Landscape? Plenty, and it isn’t looking good, where we talk about the PhishLabs article from APWG, where they are a member. I highly recommend this article; it could be my best work yet in this space for this blog.

Is there anything else that you have found that I may have missed? Get it over to me by email, iMessage, text or WhatsApp. All info is available through listening to the podcast or looking about the blog pages for it. Thanks so much for reading, and make it a great day!


Let’s talk a little bit about passwords

For the last few years, I’ve been hearing about the potential of going passwordless. This would mean that people would have to authenticate through another method such as an app, biometrics, or something else that they may have.

In the upcoming podcast for the Security Box, I think it is appropriate to talk about the LastPass article LastPass Research Finds 92% of Businesses Believe Passwordless Authentication Is in Their Organization’s Future, as it is this year’s article dealing with this topic.

In the show notes for the upcoming podcast, I quoted the following paragraph.

Passwords have long been one of the leading drivers of security risks and employee frustrations for businesses, which has only increased since organizations transitioned to working remote. Passwordless authentication, on the other hand, securely connects employees to their work without the need to type a password through technologies such as biometric authentication, single sign-on and federated identity. Is passwordless authentication the solution to the password

This is the beginning of a definitely promising article.

Last year, 4 hours a week were spent on passwords; this year, 5 hours, a 25 percent increase, according to the article. 85 percent of organizations surveyed say that they need to find a solution to reduce the number of passwords they have.

Here at the Jared Rimer Network, my administration set includes passwords for specific email lists run by the Mailman software. It also has a control panel login, and a way to create other accounts and access the ones I have without those passwords.

Passwordless authentication enables employees to login to devices and applications without the need to type in a password, and can offer benefits for both employees and IT. The research found the benefits of deploying a passwordless authentication model are twofold – for the employee it largely eradicates the frustrations of using passwords and for the business it increases security. 65% agree that the biggest benefit of passwordless authentication for employees is quicker authentication, whereas 69% agree the benefit for IT is increased security.

Businesses Also See Potential Challenges with Passwordless Authentication  

However, with potential benefits comes potential challenges. The top challenges of deploying a passwordless authentication model include the initial financial investment (43%), regulations on the storage of data (41%), and the time it would take to deploy such an authentication model (40%). Do the challenges outweigh the benefits, and is passwordless authentication a realistic solution to address the password problem?

Since I’m not fully understanding what is involved in deploying passwordless authentication, and I read these numbers, what would be the answer to deploying such a strategy across an organization?

I currently share the necessary passwords to specific mailing lists, along with their URLs, through a private Dropbox. Because the people I work with may not understand a password manager, or even whether it is accessible, I think this is the best solution for me. I think the passwords are only shared with a couple of users. If I had more, I might adopt a password manager, because there would be more to manage.

The meat of the matter?

completely. Are passwords and passwordless authentication mutually exclusive, or does there need to be a combination of password management and passwordless authentication to address the password problem? 

This is only going to get interesting.


Video Game Havkers getting picked up

I recently read an article about a group of hackers getting picked up for hacking and video game piracy.

This Cyberscoop article is quite interesting in its coverage of this, and I think it’s been a while since we’ve had some good news.

The alleged leaders of an international video game piracy group apparently didn’t do enough to protect their scheme from the prying eyes of the feds.

The Department of Justice says two men have been arrested on felony charges of helping run Team Xecuter, which sold modification kits and other tools that allowed users of the Nintendo Switch and other gaming devices to play pirated versions of games.

This is going to get interesting now, as we always need to find some good news to cover.

There are other links within this, so trying to take parts and copy them here in a way that makes sense is going to be tricky. US arrests suspected hackers accused of video game piracy is the article. Thanks for reading!

Comments (0)

Is John Bernard done for? I hope this is the end

In a multi-part series I’ve been following through Krebs on Security, it looks like the person behind this alias walked away with 30 million dollars. There have been quite a number of people who have been interviewed, as I probably would have suspected. A portion of one paragraph says:

John Bernard is in fact John Clifton Davies, a 59-year-old U.K. citizen who absconded from justice before being convicted on multiple counts of fraud in
2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his third wife on their honeymoon in India.

When I brought this up as part of podcast number 10, when we first talked about this, one of our callers indicated that this was interesting and it prompted quite a bit of questioning. I was confused by this and reread that section again, and it makes me wonder why he only got 16 months for that. It’s not known.

To make this story more interesting:

Bernard found a constant stream of new marks by offering extraordinarily generous finders fees to investment brokers who could introduce him to companies
seeking an infusion of cash. When it came time for companies to sign legal documents, Bernard’s victims interacted with a 40-something Inside Knowledge
employee named “Katherine Miller,” who claimed to be his lawyer.

So we have a woman involved in this as well, and there isn’t much known about her. There are a lot of links within this article linking to various things as this investigation continues. I am going to talk about this more for podcast 14 of the Security Box, as we talk about Scams and the like over here.

Want to read more and the very interesting details? Krebs has the third part entitled Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M and enjoy the continuing saga.

Comments (0)

Phishing won’t stop, just because of the election

In our title piece dealing with Phishing, we wanted to highlight the aspect of phishing and the fact that actors are stopping at nothing to get their wares out.

In an October 2nd article on Threatpost, Lindsey O’Donnell talks about the rise in Phishing due to the fact that voters need to submit their information on who they want to vote for and other aspects of the election via the mail. This article shows and demonstrates how the actors are purporting to copy portions of one site, but mass mail it to people not even in that state. As you continue to read the article, it shows you what the Phish may look like, including the misspellings. It also talks about the recent attack on an email provider whose name I now can’t find, but I read it here.

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy is the article and I hope that it finds you well.

Comments (0)

What’s going on with the Phishing Landscape? Plenty, and it isn’t looking good

On podcast 12 of the Security Box, we talked about a blog post that Phish Labs had talking about the APWG trends report. I covered that in a bit of a discussion, but maybe it is time to bring it up now as part of NCSAM’s discussion for this year.

In case you missed the Security Box, podcast 12, here are the show notes for that program.

Now, let’s pick apart and discuss some things that got my attention in regards to the article dealing with Phishing.

The article that we’re going to talk about in this blog post is APWG: SSL Certificates No Longer Indication of Safe Browsing. Why specifically this article? Oh don’t worry, we’ll cover other Phishing articles but this one is quite important.

Let us start at the beginning of the Internet, where all we had were text browsers and we connected through DOS. DOS was an operating system that only had text. It did not have fancy graphics, although there may have been some, and it surely didn’t have video and other multimedia. It didn’t have the capability of filling out forms, making online payments, or contacting people through forms, besides putting other types of things online that we take for granted today.

While there were ways to get files like executables and other types of small files, the protocol has definitely changed. With that, comes the aspect of Phishing.

The protocol in the early days was just called HTTP, or Hypertext Transfer Protocol. This protocol was used mainly to serve web pages, and back in the early 90s, and even the early decade of the 2000s, that was really all we needed.

As time passed, it became clear that to do credit card transactions and the like, we needed a secure way to do it, so they added the “s” for secure. This became the standard with SSL versions and now TLS. SSL is Secure Sockets Layer; TLS is Transport Layer Security. All it does is make sure that the connection to the web site is secure.

Later on, in the last 10 years or less, they came out with Firesheep to show that HTTP connections were not safe and HTTPS needed to be the standard for true security, even if you didn’t do online banking and the like.

Well, when the actors started, their pages were not using HTTPS, where the S stood for secure. We were taught that if we wanted to put in data such as credit card numbers and other types of info like that online, we needed to be on a secure connection. Sighted people looked for a padlock; disabled patrons checked the URL of the web page to hear that it had the S in it.

Examples: http://www.example.com vs. https://www.example.com; http://example.com vs. https://example.com

This is how it has been until recently when the threat actors started to secure their pages thanks to services like Let’s Encrypt.
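The two questions that the “listen for the s” habit runs together are whether the transport is encrypted and whether the host is one you actually know. The following script, an added example that is not part of the original post, separates them: it parses a URL with the standard library, reports the scheme, and checks the registrable domain against a constructed allowlist (`TRUSTED_DOMAINS`, a stand-in for the sites you have bookmarked). The lookalike hosts in the sample list are constructed for the demonstration, and the “last two labels” rule for the registrable domain is a stated simplification.

```python
"""Added example, not from the original post: separate the two questions
that the "look for the s / the padlock" habit mixes up, namely whether the
transport is encrypted (scheme) and whether the host is one we actually
trust (registrable domain).  Standard library only; the sample URLs and
the allowlist are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed allowlist standing in for "sites I know and have bookmarked".
TRUSTED_DOMAINS = {"example.com"}


def registrable_domain(host):
    """Return the last two DNS labels of a host name.

    Simplification (assumption): treats the last two labels as the
    registrable domain.  Production code should consult the Public Suffix
    List so that hosts under e.g. co.uk are handled correctly.
    """
    labels = [lbl for lbl in host.split(".") if lbl]
    return ".".join(labels[-2:])


def assess_url(url, trusted_domains=TRUSTED_DOMAINS):
    """Classify a URL the way a screen-reader user would read it aloud.

    Returns the scheme, the host the browser would actually connect to,
    whether the transport is encrypted, and whether that host belongs to a
    trusted registrable domain.  The last two answers are independent: an
    encrypted connection to the wrong host is still the wrong host.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    # urlsplit().hostname discards any user@ prefix and the :port suffix,
    # so "https://example.com@other.test" resolves to other.test.
    host = (parts.hostname or "").rstrip(".").lower()
    domain = registrable_domain(host)
    return {
        "scheme": scheme,
        "host": host,
        "registrable_domain": domain,
        "encrypted": scheme == "https",
        "trusted_domain": bool(host) and domain in trusted_domains,
    }


def describe(url, trusted_domains=TRUSTED_DOMAINS):
    """One-line verdict suitable for reading aloud."""
    a = assess_url(url, trusted_domains)
    if not a["host"]:
        return "no host in URL"
    transport = "encrypted" if a["encrypted"] else "NOT encrypted"
    identity = "trusted domain" if a["trusted_domain"] else "UNKNOWN domain"
    return f"{a['host']}: {transport}, {identity} ({a['registrable_domain']})"


if __name__ == "__main__":
    # The pairs from the post, plus constructed edge cases.
    for sample in [
        "http://www.example.com",
        "https://www.example.com",
        "http://example.com",
        "https://example.com",
        "https://www.example.com.login-portal.test",  # constructed: trusted name reused as a subdomain
        "https://example.com@other.test",            # constructed: user@ prefix hides the real host
    ]:
        print(describe(sample))
```

Run it and the four URLs from the post come out as two “NOT encrypted, trusted domain” and two “encrypted, trusted domain” verdicts, while the two constructed hosts are reported as encrypted but on an unknown domain, which is exactly the combination the rest of the post is about.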

Without going into any detail on Let’s Encrypt, let us just say that they do domain validation certificates, and I believe they can now work on sites using the control panel we use on Linux boxes, which was not the case before.

Let’s fast forward to recent times where recent Phishlabs articles kept indicating that the SSL rate was creeping up, and it was a matter of time.

Under the heading

SSL Abuse Continues to Skyrocket

here is the most important piece of information taken from this article.

PhishLabs, an APWG contributing member, is tracking the increased use of SSL certificates on phishing sites. Threat actors abuse HTTPS certificates to
enhance compromised sites by tricking internet users into believing the site is secure. Alarmingly, almost 80% of phishing sites used SSL certificates
during Q2, meaning users should no longer attribute the certificate as an indicator of safe browsing.

The portion continues:

“The number of phishing sites using TLS continues to increase,” said John LaCour, Founder and CTO of Digital Risk Protection company PhishLabs. “Most web
sites—good and bad—now use TLS. Phishers are hacking into legitimate web sites and placing their phishing files on those compromised sites.”

This exact thing happened to the Jared Rimer Network some years ago, and even affected several sites across my network. Somehow, actors were able to gain access to several of the sites across my network, upload their wares, and we’d be notified about it. I was notified one morning by PhishLabs directly by email, and I promptly called them at 6:30 am on my way to my day activity. Indicating that I couldn’t get to the page from the email, they indicated that the issue was resolved, which was good news to my ears. I’m sure my provider was notified, cleaned it up, and that was the end of it. This is what needs to happen, because we may not even know that anything is going on.

To the provider’s credit, they learned quickly. This is because they sent me the reports, and I was to deal with it, which I did not have access to do. I get it, it’s hard to maintain a network when you get reports like this, and I did ask for assistance. I definitely thought there was a problem when I was told the passwords were as secure as humanly possible.

Under the section

SSL Growth

it talks about Extended Validation Certificate usage. If you search for “Extended Validation Certificate” (without the quotes), a prominent provider named DigiCert comes up. There are other places to learn about these certificates, and that is not the extent of this article today.

Let’s cover this section under SSL growth for a moment.

In addition, PhishLabs has noted the emergence of phishing sites using Extended Validation (“EV”) Certificates.

“The vast majority of certificates used in phishing attacks — 91 percent — are Domain Validated (“DV”) certificates,” noted LaCour. “Interestingly, we
found 27 web sites that were using Extended Validation (“EV”) certificates.”

In order to be issued an Extended Validation certificate, a site must provide verification of its legal identity. In theory, EV certificates indicate that
a site is more trustworthy, and their presence on phishing sites is significant.

It isn’t surprising that the majority of certificates issued today are domain validated, because they are the easiest to obtain. You either need to put something on the web server that the authority can check, or have a trusted authority like the control panel group issue validation certs for the domain, which is done daily.

As for organization validated (OV) certs, I am not aware how those work, and that is for your research.
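To make the DV/OV/EV distinction concrete, here is an added example (mine, not PhishLabs’ or APWG’s code) that classifies a certificate from the subject fields Python’s `ssl.SSLSocket.getpeercert()` returns. It assumes the attribute names OpenSSL uses in that output (`organizationName`, `businessCategory`, `jurisdictionCountryName`, `serialNumber`); a definitive EV decision would also check the CA/Browser Forum EV policy OID in the certificatePolicies extension, which `getpeercert()` does not expose, so the EV verdict is a heuristic. The three sample certificates are constructed, not real, and `fetch_cert()` is only there for trying it against a live host.

```python
"""Added example, not PhishLabs' or APWG's code: classify a certificate as
DV, OV or EV from the subject fields that ssl.SSLSocket.getpeercert()
returns, and state what that does and does not prove.

Assumptions: the attribute names ("organizationName", "businessCategory",
"jurisdictionCountryName", "serialNumber") are the names OpenSSL/Python
use in getpeercert() output.  A definitive EV decision also requires the
CA/Browser Forum EV policy OID in the certificatePolicies extension, which
getpeercert() does not expose, so the EV verdict here is a heuristic.
The three sample certificates are constructed, not real."""
import socket
import ssl

# Subject attributes that only appear when a CA verified legal identity.
EV_ONLY_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}


def subject_fields(cert):
    """Flatten getpeercert()'s subject (a tuple of RDNs, each a tuple of
    (attribute, value) pairs) into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields[name] = value
    return fields


def validation_level(cert):
    """Return "DV", "OV" or "EV" (heuristic, see module docstring)."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"          # only control of the domain name was verified
    if EV_ONLY_FIELDS & set(fields):
        return "EV"          # legal-identity fields present
    return "OV"              # organization named, but no EV identity fields


def summarize(cert):
    """What the certificate proves about the server, and what it does not."""
    fields = subject_fields(cert)
    return {
        "level": validation_level(cert),
        "common_name": fields.get("commonName"),
        "organization": fields.get("organizationName"),
        # No level says anything about the content being served: a
        # compromised legitimate site keeps its perfectly valid certificate.
        "proves_site_is_safe": False,
    }


def fetch_cert(host, port=443, timeout=5):
    """Fetch and validate a live server certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() format.
DV_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example DV CA (constructed)"),),),
}
OV_CERT = {
    "subject": (
        (("countryName", "US"),),
        (("organizationName", "Example Corp (constructed)"),),
        (("commonName", "www.example.com"),),
    ),
}
EV_CERT = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("serialNumber", "0000000 (constructed)"),),
        (("countryName", "US"),),
        (("organizationName", "Example Bank (constructed)"),),
        (("commonName", "online.example.com"),),
    ),
}

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT, EV_CERT):
        print(summarize(cert))
```

The point of the `proves_site_is_safe` field is the article’s own: the level tells you how hard the CA looked at the applicant, not whether the page behind it is legitimate, and a legitimate site that has been compromised and had phishing files uploaded to it still presents its valid certificate.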

The article goes in to much more detail than I could ever cover in sections and give my thoughts on it. As part of NCSAM, check out this article in full, feel free to ask questions, the worst is that I won’t know the answer. I’d rather tell you that I don’t know than to lead you wrong.

Found this article of value? Why not search NCSAM while you’re here to see what else has been covered? We covered NCSAM last year with many articles linking to stuff, and I’m sure that it may be still of value today. I want to thank each and every one of you for coming by and checking out this blog. I hope you find the info of value, and if you have something to share, please get in touch. See you next time!

Updated 4:10 PM 10/6/2020 to fix a broken link

Comments (0)

Here is some Google news for you guys … Accessibility news with Docs and more

I finally got around to reading a post on Blind Bargains talking about a Google announcement. Reading the lengthy list of articles around the web, I came across this Tech Crunch article, Google Docs is now easier for visually impaired users to navigate, which is cool. Now if they only made it work with Firefox and JAWS? That is completely broken, and for me to utilize that, I have to copy the URL and then open Chrome to get it to work. Freedom Scientific was not interested in having this fixed. While I have Chrome and know how to use it, I shouldn’t be forced to change browsers just to get it to work.

To be fair though, Anchor and Firefox are somewhat broken and so is Mixcloud. I’ve got a Mixcloud account but forget to upload there. I used to do that all the time, but have been lackluster at that. I figure if I upload to Anchor using Chrome, while I’m doing that, I should upload to the other.

Besides that article which made me want to blog about Google, here is Blind Bargains September 30 rundown on what this event was and all of the very interesting headlines. Maybe Googlers may find this resource of interest. Thanks for reading!

Comments (0)

What has been read, blogged, and talked about for the last week, security news ending October 4, 2020

In this week’s news, some of which may have been blogged about on the tech blog itself, find out what I’ve been reading including the highlights of the Security News from Trend Micro. It has been a doozie of a week with the news of UHS and I’ve got several blog posts on that and even finding one from Dark Reading through twitter which I didn’t blog about. Read on to find out what caught my attention of things within the past week.

UHS is known as United Health Care services. Many different articles on a search of this company name will yield results talking about the group which deals with hospital care in various locations being part of potential ransomware. Their reports are the typical ransomware type, but they stop short of this.

Article list:

This can’t be good in the Public Relations department, can it? I’m an outsider looking in, and trying to disperse info and pointing people to the articles so that they can be informed. Read these blog posts, accompanying articles, and come back and tell me what you think.

911 services were down in 14 different states on September 28, 2020. The particular digest of the day with that blog post came back to me asking if we can cover this on the Security Box. While I’m not sure on time as of yet, it is unknown if this is caused by security problems. I bring it up here because Krebs on Security did a good job talking about this, and I feel that if it is a security problem, this is something that should be talked about. I’m unsure how 911 services work, are routed, and the like, so I can’t comment on this except for the article I read.

Article list:

This blog post has my thoughts with the accompanying article from Mr. Krebs. I really have nothing more to say, please refer to the article for your information on this one.

Ransomware is still hitting the news, and more than ever. One particular article that I blogged about talked about an insurance company that was hit, but it isn’t just insurance we’ve got to worry about. More recently, I read an article and just blogged on October 4th about a potential ransomware in Las Vegas. That particular article goes so far as to talk about other school systems and their problems too. Some of this may have been talked about through the Security Box program that is broadcast through the Independent Channel of the Mix.

Article listing:

The second blog post made me wonder, and it leads really to a questionable study that I have questions on. The third is the 2nd in the NCSAM article set, and I’m sure that I’ll have more in this set as I try to get caught up.

This week in Security News from Trend Micro covers a few items which I have read. Some of it I have not read. It talks about the cross-platform modular Glupteba malware, how it got its name and the like. Netflix and Amazon accounts are susceptible to a Phishing attack, according to an article, and it starts with a phishing attack which targets Microsoft 365 accounts. One article that we are covering this next week on the Security Box covers Identity Fraud and how to protect your identity data. I blogged specifically about this one in my first NCSAM article, which was sent and digested out.

The first NCSAM article linked within this section is the one that talks about the identity theft article that was linked within the news notes article linked first. Both are worth the read, there may be items that I am unable to read or doesn’t interest me.

Find something that you found of interest as part of the Security Landscape that I do not have, or I haven’t read as of yet? Please send those links! Contact info is on the blog on the “about the blog” page. Thanks so much for reading, and make it a great day!

Comments (0)
