The Technology blog and podcast

This is for the technology blog and podcast: commentary, articles, and podcasts


Microsoft’s GitHub Account Hacked – 500 GB Of Microsoft’s Private GitHub Repositories Data Stolen

On May 10th, 2020, an article entitled Microsoft’s GitHub Account Hacked – 500 GB Of Microsoft’s Private GitHub Repositories Data Stolen was published to Bleeping Computer and tweeted out. I read the article closely to determine whether I should talk about this or not.

I have one problem with this article. If it was confirmed to be not harmful, and the actor(s) behind it decided to put it out instead of selling it, why talk about it? From what I’m reading, Microsoft is releasing code after 30 days, so is there a breach here or what? I’m kind of confused about this.

I’m using the same article title on my blog and linking to this article and I’m curious what people think of this. Was there a genuine leak, or is there something else going on?

Comments (3)

Let us talk a little about passwords, Again!

Hello everyone, welcome to another blog post here on the blog. I can’t believe we’re still talking about Passwords. Yes, I know, I know, passwords are used everywhere and we can’t keep up. The fact is that we can.

I’m guilty of one thing in this article, and that is to use a password or a similar password on a site I don’t much care about, and I’ve vowed to change that. Besides that, I think I’ve done better in my password hygiene, but there is always room to grow.

With so many passwords out there, this article I’m linking to at the end of this indicates that most people still use things they enjoy or love as their passwords, even though we’ve heard and even talked about some of the major breaches from applications like Uber, Door Dash, Facebook, Target, and many others.

The problem isn’t laziness, I don’t think; I think the problem is that there are too many sites out there that offer the services we want or need.

I understand people who have told me they don’t want to use password managers, and I don’t blame them. Some managers may not be easy for some to use, while others may be easy to use but become a problem they didn’t foresee. This exact issue happened with Michael in Indiana, and I feel his pain. It’s not an easy solution, but one we must grapple with.

In 2020, 80% of organizations will overshoot their cloud IaaS budgets due to a lack of cost optimization approaches. This doesn’t mean that moving to the public cloud is a mistake.

It can cost a lot to go to the cloud with applications like LastPass, 1Password, and others. It’s probably a good thing to test it out with a few passwords to see how easy it is to use and migrate as you go, or import your data and give it a try for free before looking for more long-term, company-wide solutions. There are plenty of options.

For his research, Lancaster sorted through billions of passwords he found on TOR or the Dark Web, which he said included everything from small credential dumps that might be specific to a small dental practice and their CRM system or major platforms like Zoom, LinkedIn, and Dropbox. After normalizing and cleaning up the data to remove data that may have been dumped twice, he looked through to find patterns. He took out all of the default passwords and accounts using “password” or “123” as the password in an effort to focus on the most commonly used trends in password creation.

That’s not all you can do with major breaches if this researcher were to leak everything he found on the Internet.

Still, people underestimate how dangerous it is to use the same password on multiple sites. The Clario study of 2,000 Americans found that more than three-quarters of millennials use the same password for more than 10 devices, apps, and accounts and some have even admitted to using the same password more than 50 times.

That’s still happening today? I don’t remember how many passwords I have in my account and I know there are duplicates, but I’m confident I’ve not used them 50 times. Sure, on a site I don’t much care about because it doesn’t hold much value except to download music, let’s say, I should be changing those passwords. One site I’m thinking of, I don’t think I need to, as I used combinations I’m familiar with, but yet I used the site name. It’s OK because I capitalized aspects of the password. Others, I may be needing to change, and that may be worth looking at.

“Check the companies that were breached last year—Uber, Facebook, Booking, among others… These are apps that nearly every millennial uses. If a person’s password gets leaked, cybercriminals would have immediate access to as many as 20 or more of the victim’s accounts/apps,” Baker said.

Is this something you are worried about? There’s more to the story. Tech Republic has the entire details in their article from the 6th: ‘Hackers Google people’: Millions still using sports team, hometown, band, or child names as passwords

Let’s see how we can change this today!

Comments (0)

This week in security news, news ending May 9th, 2020

As we end another week, it looks like there isn’t much patching going on in the pandemic age. I already covered articles covering the Zoom client and their recent acquisition, and that I hope works for them.

There may be some stuff that I have not yet read, and I may come across it later on. If that’s the case and I want to cover it, I’ll probably do that.

Did you see anything in the news from Trend Micro that you want to talk about? Do you want to send me audio to be played on the podcast? Use any file sharing network of your choice, and send it to me using tech at menvi.org as the address, and I’ll go ahead and look at it.

This Week in Security News: 7 Tips for Security Pros Patching in a Pandemic and Coinminer, DDoS Bot Attack Docker Daemon Ports

Feel free to comment in writing or via audio, and I look forward to hearing from you!

Comments (0)

More Tech support scams, this time, Child Porn is involved

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs.

To make matters worse, the scammers give you an IP address and a MAC address. The MAC address may not even match yours, and who knows about the IP address, says the article.

The article goes on to talk more about what a MAC address is. For those who are not familiar with this, here’s what the article says.

However, this address is not visible to others outside of the user’s local network, and in any case the MAC address listed in the scam email is not even a full MAC address, which normally includes six groups of two alphanumeric characters separated by a colon.

It seems, according to this article, that the message leads to a toll-free (844) phone number. The toll-free prefixes in the United States calling areas include 800, 888, 877, 866, 855, 844, and the newly implemented 833. The last toll-free designation, according to the area code listing by number web page, is 822.

The web site linked is done as a service for the Internet community and links to more up to date resources for area code data in the United States.

Also, the IP address cited in the email does not appear to have anything to do with the actual Internet address of the recipient. Not that either of these details will be obvious to many people who receive this spam email, which states:
“We have found instances of child pornography accessed from your IP address & MAC Address.
IP Address: 206.19.86.255
MAC Address : A0:95:6D:C7
This is violation of Information Technology Act of 1996. For now we are Cancelling your Windows License, which means stopping all windows activities & updates on your computer.
If this was not You and would like to Reinstate the Windows License, Please call MS Support Team at 1-844-286-1916 for further help.
Microsoft Support
1 844 286 1916”
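The scam message quoted above, run through a small checker, as an added example that is not from the post or from Krebs’s article. It checks the three things the article calls out: the MAC address is not a complete six-group address, the IP address has nothing to do with the recipient (the recipient address 203.0.113.5 is a constructed placeholder), and the callback number sits in a US toll-free prefix from the list above.

```python
"""Flag the tell-tale fields of the "MS Support" license-suspension scam email."""
import ipaddress
import re
from typing import Optional

# US toll-free prefixes as listed in the post (822 is the last designation listed).
US_TOLL_FREE_PREFIXES = {"800", "888", "877", "866", "855", "844", "833", "822"}

# A complete MAC address: six groups of two hex digits separated by colons.
FULL_MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
MAC_FIELD_RE = re.compile(r"MAC Address\s*:\s*([0-9A-Fa-f:\-]+)", re.IGNORECASE)
IP_FIELD_RE = re.compile(r"IP Address\s*:\s*([0-9.]+)", re.IGNORECASE)
# North American number with optional leading 1 and -, ., or space separators.
PHONE_RE = re.compile(r"\b1?[\s\-.]?\(?(\d{3})\)?[\s\-.]?(\d{3})[\s\-.]?(\d{4})\b")
# Lure wording from the quoted message (matched case-insensitively).
LURE_PHRASES = ("windows license", "call ms support", "reinstate", "cancelling your windows")

# Constructed copy of the scam text quoted in the post above.
SAMPLE_SCAM = """We have found instances of child pornography accessed from your IP address & MAC Address.
IP Address: 206.19.86.255
MAC Address : A0:95:6D:C7
This is violation of Information Technology Act of 1996. For now we are Cancelling your Windows License, which means stopping all windows activities & updates on your computer.
If this was not You and would like to Reinstate the Windows License, Please call MS Support Team at 1-844-286-1916 for further help.
Microsoft Support
1 844 286 1916"""


def is_full_mac(value: str) -> bool:
    """True only for six colon-separated groups of two hex digits."""
    return bool(FULL_MAC_RE.match(value))


def is_us_toll_free(area_code: str) -> bool:
    """True if the three-digit prefix is one of the US toll-free designations."""
    return area_code in US_TOLL_FREE_PREFIXES


def analyze_scam(message: str, recipient_ip: Optional[str] = None) -> dict:
    """Extract the IP, MAC and phone fields and report which ones look bogus.

    recipient_ip is the recipient's real public address, if known; a MAC address
    is never visible outside the local network, so it cannot be checked that way.
    """
    text = message.lower()
    findings = {"mac": None, "mac_complete": False, "ip": None, "ip_valid": False,
                "ip_matches_recipient": None, "phones": [], "toll_free_phones": [],
                "lure_phrases": [], "suspicious": False}

    m = MAC_FIELD_RE.search(message)
    if m:
        findings["mac"] = m.group(1)
        findings["mac_complete"] = is_full_mac(m.group(1))

    m = IP_FIELD_RE.search(message)
    if m:
        findings["ip"] = m.group(1)
        try:
            addr = ipaddress.ip_address(m.group(1))
            findings["ip_valid"] = True
            if recipient_ip is not None:
                findings["ip_matches_recipient"] = addr == ipaddress.ip_address(recipient_ip)
        except ValueError:
            findings["ip_valid"] = False

    # Normalise every phone number found so "1-844-286-1916" and "1 844 286 1916" dedupe.
    for area, exchange, line in PHONE_RE.findall(message):
        number = f"{area}-{exchange}-{line}"
        if number not in findings["phones"]:
            findings["phones"].append(number)
        if is_us_toll_free(area) and number not in findings["toll_free_phones"]:
            findings["toll_free_phones"].append(number)

    findings["lure_phrases"] = [p for p in LURE_PHRASES if p in text]
    # A license-suspension lure that asks you to call a toll-free number is the scam template.
    findings["suspicious"] = bool(findings["lure_phrases"] and findings["toll_free_phones"])
    return findings


if __name__ == "__main__":
    for key, value in analyze_scam(SAMPLE_SCAM, recipient_ip="203.0.113.5").items():
        print(f"{key}: {value}")
```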

Brian thinks this would be a good idea to tie up this line even if you don’t really play along. He went to play along and got hung up on. Wonder how many people will take this on?

Article in full: Tech Support Scam Uses Child Porn Warning posted May 7, 2020

Comments (0)

Zoom acquires Keybase to beef up encryption, ease security questions

This might be the best news we’ve seen for Zoom. I’ve heard of Keybase, and the company sounds sound to me.

Keybase is a secure file sharing and secure messaging platform.

I’ve not used this service; if you have, please comment on how usable (or not) it was or still is for you.

Zoom acquires Keybase to beef up encryption, ease security questions


Comments (2)

More Spam? Do you even read web sites?

I just saw the following email sent to me through my network as a straight email. It says:




The from address is:


From: “david” <>


It was sent to my correct email address which is not published anywhere on my site.

The reason I bring this up is to remind people that Spammers can just send to a bunch of addresses looking for a hit and a response.

My goal is not to respond to this one because I am not looking for any parts to anything, and if I were, I’d be looking for United States people, not China people. This is for obvious reasons; do I need to spell this out for you all?

I guess I’ll start publishing some of the stupid ones like this one; let’s see what we get. Obvious spam, looking for responses … oh wait … by not getting a mailback they have their response.

This ought to get interesting.

Comments (0)

A discovered malware sample uses code from the NSA and a Chinese hacking group

This bothers me. I read this article A discovered malware sample uses code from the NSA and a Chinese hacking group which I’m also using as my blog title, and I just had to shake my head.

We’re talking about activities in 2017 before the big drop that really caused us to wonder.

In this article, a hacking group named Winnti Group is mentioned. I’ve never heard of these people, yet this can’t be a good sign if they took code from the NSA and turned it into malware which hasn’t been delivered yet.

There was also an implant using the same type of code known as “peddle cheap.” We all know the “shadow brokers” from way back when, and research is wondering if there’s something going on.

Feel free to check out the article, and thanks for listening and reading the blog. We hope you find this of interest.

Comments (0)

Trend Micro does it again, they continue to team up

In a blog post, Trend Micro talks about teaming up with Interpol. This is not the first time they’re teaming up with the police agencies from around the world.

We are again delighted to be working with long-time partner INTERPOL over the coming weeks on a new awareness campaign to help businesses and remote workers stay safe from a deluge of COVID-19 threats.

They’re going to be running a campaign and they’re teaming up with the global policing agency which is what Interpol is. Trend Micro is also doing other things like giving access to their flagship product for free during this difficult time.

Want to read more? Teaming up with INTERPOL to combat COVID-19 threats is the article and I hope that you enjoy what it has to offer.

Comments (0)

Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say

I guess that this should not be a surprise to me, as China goes back to work trying to take control of what they think is theirs. In an article titled Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say, which I’m also using for the blog post, the article talks about China and what they’re doing around the world. This is more important in the Philippines and Vietnam, who did not comment in the story. We have always known that China has done lots of things; I’ve been covering it for many years. Everything from the Great Wall, to turning off the Internet, and more.

Comments (0)

COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

As the COVID-19 pandemic continues around the world, when you think you’ve seen it all, you haven’t. COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims talks about money mules being used to move stolen money. This isn’t anything new, but the fact that the pandemic is here puts a new twist on an old scheme.

There are links to prior blog posts in this series Phish Labs is posting, which I may or may not have posted here.

Seen these? Did you spot these? What did you think?

Comments (0)

Alert! Ransomware Hackers Threaten to Release Credit Card Data From Costa Rican Bank

I’m going through Twitter and I’m seeing this article which I’m using for my blog title. This should be an Alert, not just on the public address system, but all around the Internet.

This particular gang, called Maze, wants to damage reputation. The article indicates that they will only publish what they feel will benefit them, although the bank in question in this article has 11 million records although some may be duplicated in other aspects.

The Maze people said that the bank hasn’t secured anything so they’ll publish. That should not be a good enough reason to harm a company. The fact the security people blocked the attack was a start, and I’m not in agreement on releasing data because they chose not to patch whatever the problem is.

I’m still going to attack the bank, however, because the bank started to do the right thing but then stopped. They should have patched the potential vulnerability that the hackers used after blocking their access. This is proper protocol to take, is it not?

From Coin News: Ransomware Hackers Threaten to Release Credit Card Data From Costa Rican Bank

Please feel free to comment on this one if it is something you’re interested in.

Comments (0)

Ransomware never takes a back seat: hospital apparently hit

Both of the following articles that I will be linking to were posted on the 6th. Looks like a large hospital network outside the United States was recently hit. According to the article penned by Brian Krebs, this hospital may have bit the bucket with ransomware, although the spokesperson at the company did not say one way or the other.

One of the issues with the COVID-19 virus we’re grappling with may be liver trouble, and the hospital does deal with patients already getting a treatment called dialysis.

According to a snippet that is linked to Health Line, it says:

Dialysis is a treatment that filters and purifies the blood using a machine. This helps keep your fluids and electrolytes in balance when the kidneys can’t do their job. Dialysis has been used since the 1940s to treat people with kidney problems.

If COVID-19 has liver and kidney problems associated with it, and the people who need the machines that assist with this problem can’t get the care they need, that can lead to death. Cyber Scoop did not indicate this in their coverage, and both articles are well worth the read.

The Snake ransomware, according to Krebs, is a relatively new strain of ransomware. The fact of the matter is that we are not relaxing on our promise to quit attacking hospital and care facilities, are we, criminals? You indicated that you would quit attacking hospitals while they deal with this pandemic.

I knew you all were lying! In an article Everyone Is $$$ To Cybercriminals Using Ransomware it basically indicates that we are nothing but money, and we need to pay up every chance we get. And since cyber crime is up 4 times the norm? You bet! We’re going to be in for it until our world can return back to some sort of normalcy.

Articles:

When two of my sources pick this up, you know it is going to be huge. Don’t be fooled, it is huge, and I’m sure we’re not done yet. This is not going to get any better during this pandemic.

The comment boards await you.

Other things to read:

Comments (0)

Name doesn’t match, there’s no deal

In the below comment form I just saw, although you’ve seen this before, the names don’t match.


Below is the result of your feedback form. It was submitted by
() on Sunday, May 03, 2020 at 17:01:44

Name: Elijah
phone: 02.47.98.76.96
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian
comment_or_question: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 89.187.178.239


What deal for what videos? I didn’t ask for any emails about any videos. This doesn’t even make sense and you fill out the bug reporting aspect of this as well as the comment aspect?

I should start blocking everyone who can’t fill out the forms correctly. No IP lookups, just flat out blocking through something called an IP deny manager. I hate the idea of blocking, as that can be circumvented, but fighting spam like this needs to start somewhere. I’ve already killed one contact form; should I need to kill another one or two or three? Then nobody will contact us, and that’s not what the network is for. I’m curious how people deal with these, especially now that we can’t go anywhere in some places. Do you block things like these at the IP level? We already know the forms’ email addresses could be forged anyway, so blocking by email isn’t the question, and some form processors allow for that. I’d say I could do that, but I don’t like the idea because it can easily be gotten around.

Comments (2)

Internet companies aren’t so bad, there are some good people out there

The following is my experience only, and each person may have different results. In no way am I going to tell people to use one Internet company over another, but after the experiences over the past few days, I thought I’d really take a deep dive in to how things have changed.

On Thursday afternoon, I noticed mail errors and did some investigating. I published this blog post on my personal Twitter, and copies also went out on the network blog and the mix internet radio blog, as those are the main blogs I run. I do have one more but didn’t think to post the issues there.

After doing some more investigating, I posted the following tweet.

Jared Rimer, Update: the outage to the sites looks like it’s an ATT issue, calling them for me, don’t know how this will help, but giving it a try. 4 days ago, TW Blue

Several days later, I got this tweet from ATT. I’ve never communicated by social media, but this is the first time I’ve communicated with them in this manner. I didn’t even tweet at them, although I knew the name, and they responded to my tweet two days prior.

AT&T Help, @jrimer2008 Hey there Jared! Thank you for the update. Feel free to send us a DM if you need anything regarding your AT&T account. ^AlliyaT 2 days ago, Sprinklr

I explained that on my phone call, I asked about the wifi speeds and the person who took my call on Thursday just indicated that it was normal for it to be slow. I said it was beyond slow, that I was getting like 5mbps down and 1mbps up just to give an example.

I was then asked to direct message some account details. This was quite different doing customer service, and I even gave them Post mortem, an outage across the network on April 29th which I posted that day.

The tech I had was awesome, calling to discuss what the issue was, the fact I have had it for some time, and my call Thursday prompted me to ask the question to begin with.

I’ve been doing this kind of work for many years now, and I’ve seen many reports of angry customers taking to social media to trash a company for whatever the reason was. While the above tweet indicated I would call to get the network issues resolved for me if it can be duplicated, I was able to tell them I had some other concerns that were not addressed during the call.

The weekend came and I got to thinking, I’ll do the best I can until Monday, when I might have to call in and have tests come to see what’s really going on. A tech called me, asked some questions, and was able to dispatch a tech for Sunday. I’ve never had techs coming anywhere on Sunday, and they did come.

Suffice it to say, it turned quite interesting because I thought I would wait till Monday and call later in the day to talk to someone about the issue to determine if my equipment was going bad or what.

The tech was great too. For a Sunday, they showed up in the afternoon and serviced me quickly. It was very nice to get quick, prompt, and efficient service over the weekend, and now I think I’m doing well.

The person said that you can reach out to any ATT account you know of and I would recommend that you be courteous with your needs so someone can assist you. I’ve seen too many demanding people on social media say “do this or else” and trash the company for bad service.

I know I’ve made mistakes through the years as we learn and grow, but I’ve never trashed companies on social media. It isn’t who I am, and it’ll never be who I am. The experience I had this weekend was quite awesome, and this is a nice change to see.

Thanks for reading this blog, and I hope that it may bring some hope in your day knowing that companies today are looking out to help you. Great job!

Comments (1)

opinion: online petitions, and blanket survey postings

Note!

Before I start my article I wish to post some administrative notices.

One of the search providers, Google, is stating that the site is not
fitting all mobile screen sizes well.

Also that images and text are too small, and several issues like this.

These are not critical issues so I have ignored them, but if these are
the case then maybe something may need to be done.

Nothing has errored out just yet, but I could investigate if we need
extra tools etc. for all this if it ever becomes an issue; comment or
email me or Jared or something and we can look.

Secondly.

As you may or may not have been aware we had what looked to be an
unscheduled outage last week.

It seems, however, that we had an unannounced system upgrade, as we
are now using the latest PHP, a thing we have been asking our provider
to upgrade for the last 1 or so years now.

I am happy we are using the latest and most stable version of PHP; this
should mean we have another 2 or so years before we need to be concerned
again. However, it took ages to get what we needed and it could be ages
before we can get another one.

Let’s hope things continue to run smoothly.

Hi all.

As I sit in my dreary rainy office / bedroom in my house, with the front
door open due to it needing to be fixed and being in the process of
being fixed, I have been catching up on the blog and various bits of
flotsam coming across my desk.

Firstly, I have noticed that a lot of surveys have been appearing.

Asking questions like: Is your blind child affected by this virus, or is
your job or your education affected, or is your business affected, or
are your workers affected, and so on and so on.

These and other such questions pop up daily from various sources,
organisations, lists of organisations, unions and other organisations
wanting to get stats on the lockdown.

But here is the thing.

The questions in and of themselves and the links and the surveys are
quite important things.

The information and the statistical data is quite important.

The virus itself is a really important topic world wide.

Here’s the thing.

Yes, it’s logical to post that to everyone that may be interested; however,
it’s really no good if you then chainmail it out to everyone, every list,
forum, usergroup and personal email address you have in your entire
Google contacts, Facebook contacts, Twitter contacts, in hopes you will get
a hit.

Granted, you could send to organisations and those organisations could
send things out to those in their databases likely to be a parent,
teacher, business owner etc that may in fact be able to answer these
questions.

But it’s a little harder; you can’t just blanket post.

Blanket posting will ensure you get your information out there.

However, there is a slight drawback.

A large number of your users will get the information, a large number
who are not targeted by it.

At best they will just delete the information and accept that this is
going about as I have.

But you could potentially get your users reporting you as spam and
getting you blacklisted all over the place, or unsubscribing from your
news lists, or not recommending you because you fill their mailboxes up
with spammy surveys and mail which is not targeted at them.

I have not reached that point, but a few surveys have appeared on
organisations like AFB, NFB, APH all at once.

These filter down to users that chainpost them all over the place.

I need to now review all my mailboxes, spam, and other things, and before
I read a single mail I have to delete half the messages in there, and on
some forums report/block certain users and topics full of surveys.

It’s calmed down now, though, but is this blanket posting of surveys a good
use of resources?

If you are from a global entity like the World Blind Union I guess I’d
understand.

But if you are in organisation x posting to y and then z and then to all
other organisations, it may be better to get targeted surveys to those in
the database the survey matched with.

Some general posting is fine to a point, too, and some users will pass that
about to a targeted few.

Now, though, I am getting surveys at least 10-20 per day, most of which
don’t have anything to do with me.

It may be only 2-3 surveys posted to various places, forums, news
letters, etc., from various organisations I am on, but then users will
chainpost on and on and on.

For now it’s all quiet, but it seems quite a waste of resources if 50% of
all users may not be your target.

Others may have a view and I encourage discussion.

Next, do online petitions actually work?

News stories I have read over the years suggest they don’t.

Firstly a local news broadcast suggests that they are legally nonbinding.

That in plain English means you give a corporation a bit of paper or a
site stating you don’t like them, and they can just ignore it and not do
much about it.

So these are to make you feel good.

They mean nothing, but they make the user think they have done something.

Some sites and news feeds suggest they make others take notice, as it
shows the feeling of users in such things as a country where governments
use this form to gauge their voters’ feelings.

However, it’s known that this is just a feel-good thing.

What isn’t talked about though is the down side.

To sign these you need to put your name, email address and in some cases
the country you are from and your comments, if any.

Now granted, getting where you are from, your name and email address ain’t
that hard to do these days.

Some sites get you to set an account where you put a username, password,
address, phone numbers, etc and so on.

Again, it’s not a bad idea in the scheme of things.

If you want someone’s address, phone number, mobile or otherwise, you can
legally and easily get it.

But what seems not to be talked about is who owns these petition sites.

Where is your data going?

There is no guarantee that someone isn’t getting and using it.

Names and email addresses are bad enough for spam; phone scams and
junk mail are a bit of an issue, but that’s not the worst of it.

There are plenty of things someone can do with your mobile, phone, email
and physical address, including physical things like potentially killing
you or robbing you.

They can also target you in online swatting, hacking, spamming and
scamming/phishing.

They can be as specific as they want to.

Someone is getting your data, that someone is the company behind the
petition.

And for all we know it’s China or someone.

True, you can find out who owns x site easily enough, but as other
articles on this blog have shown, with wire labs for example, this means
absolutely squat.

Names, addresses and all sorts of things can be faked.

You can even make fake credit cards these days.

So now not only are online petitions just feel-good, they could possibly
be potentially dangerous.

Also, any user from a considerate organisation to a concerned citizen to
an utterly spoilt brat wanting to be a troll can make one.

I have had several and most of them are written out.

However I have had a couple from whining trolling idiots that are hoping
people will sign their whinings so they feel good.

Sadly with this virus going about these guys have increased.

These trolls will ask how to get money for free, etc.

Of course you can just choose not to sign.

I have signed a few just to make me feel good, even though I know it
isn’t worth a damn.

I don’t do this all the time but it does concern me that no one has
looked at the potential user impacts of these online petitions.

The only good thing with the various privacy rules and laws about,
especially in the climate of COVID-19 and especially with contact tracing,
is that every government, company and respectable entity needs to put what they
need to access and why in simple and readable English.

If they need to breach privacy or run spying or surveillance, they need to,
within reason, tell people what they are doing, where they are doing it,
why they are doing it if applicable, and when they are doing it and for how long.

A lot of grey about and a lot of criminals, but assuming things are all
good it’s still something not addressed.

We do know, for example, that selling and buying on Facebook could be bad,
and setting privacy information and misconfigurations in places from
Facebook to organisations can be costly.

But no one has really researched how dangerous needlessly posting our
information somewhere that has no gain whatsoever is.

It is clear that someone has a lot to gain; pity it’s not us, the users.

Comments (1)

I’m glad I don’t use Google as my phone provider

Michael in Tennessee, who has been on my podcast, sent me this, and I hadn’t read it at the time he sent it. Looks like it’s a great article about the actors within this space, targeting people outside the United States.

The APT group known as APT32 has similar tendencies to other APT groups across the globe. Nobody is targeted here in the United States, according to this article. This came from CyberScoop, and I probably would have eventually seen it. Thanks Michael, I really appreciate the heads up on this.

Wired first reported this in their article, which is linked in the CyberScoop piece.

Hackers with suspected links to the Vietnamese government have been using the Google Play Store to distribute malicious software for the last four years, according to Kaspersky research published Tuesday.

The targeted Android campaign, which Kaspersky dubbed “PhantomLance,” affected roughly 300 devices in nearly a dozen countries including Vietnam, India, Bangladesh, Indonesia, Iran, Algeria, South Africa, Nepal, Myanmar, and Malaysia, the company said.

I know that APT32 is linked, and you’re welcome to read more within the article, Vietnamese hackers exploited Google Play Store for espionage campaign. I hope that this finds you well and that you find this of value and of interest.

Comments (1)

Corona Protest websites organized? This is going to get interesting

More evidence that a group of conservative political activists is operating a network of websites meant to inflame pandemic-related tension in the U.S. and solicit donations has been uncovered by a Seattle-based cybersecurity company.

Threat intelligence firm DomainTools released research Friday indicating that pro-gun activist Aaron Dorr appears to be using widely available software to operate dozens of websites, many of which include “reopen” in the URL.

DomainTools researchers have conducted a technical examination of “reopen” sites — like “ReopenMN” and “ReopenWI” — to determine just how consolidated the sites are, despite the appearance that they exist as standalone entities. The sites are registered to local gun advocacy groups and utilize One Click Politics, a digital organizing service that allows a single person to manage dozens of websites, run email promotion and collect money.

This is the beginning of one article on the topic of coronavirus websites protesting the stay-at-home orders that have been in place in most places since some time in March.

There are two articles here: the first was penned by Krebs on Security, the second by CyberScoop. Krebs on Security asks the question in his: Who’s Behind the “Reopen” Domain Surge? It goes into detail about the same set of people in a great article that I think can be linked to this one. I may have linked to this before, and if I have, I apologize.

The second article, which was quoted above, is entitled Researchers discover how far-right coronavirus protest websites are organized, and it’s good too. Both articles raise some great points, and I think both should be read in turn.

Have you read these articles before I posted this to the blog? Did you comment, and if so, what did you think? The comment boards await you, just comment away!

Comments (1)

FBI enlists internet domain registries in fight against coronavirus scams

In an article with the same title, the FBI is asking the registries to help take down shady domains, especially if they deal with the coronavirus.

I think registries should take down all domains that are shady, especially if there is a complaint about what they are doing.

Let us hypothesize that I ran a domain that sells underground content. Let’s say that I bought this domain and pointed it where it needed to go. If there was a complaint to my provider about my illicit activity, my provider would have to talk to me to find out what was going on, and give me a chance to change my ways.

Let’s say that I changed the site and they closed the report. Some time later, I came back with the website as it was, after I knew the report was already closed. The provider is notified, and this time he cancels my account because it violated the terms of service.

Next, I move to these bulletproof hosting services that I’ve talked about on this blog. We know that the bulletproof hosting services turn the other cheek, and don’t really disable any accounts or talk to their customers. They get paid, and that’s all they ask for.

In the blog incarnation I have today, I found two blog posts when searching for bulletproof hosting. The first: Bullet Proof Hosting, how bad can it get? This blog post talks about a Krebs article penned back then, and it is linked.

In other blog incarnations, I had blogged and talked about a Colorado bulletproof hoster who was completely cut off from the Internet. They were contacted, as I discussed in my hypothesis, and finally the backbone cut them completely off. But if we register a domain, the registration companies should take the domain away from us, as ICANN allows them to do so if there is probable cause.

In an article, Targeted, now what?, I talk about PhishLabs, what they do and how the browsers work.

It’s 2020, and we’re still having the same problem today. The U.S. wants to enact rules to counteract the coronavirus and COVID-19 in domain names. Namecheap, a domain registration company, sent us an email that indicates they won’t manually register domains we buy with these keywords. That’s great! How about the rest of the cybercrime industry and the thousands of domains they can buy to host their crap?

FBI enlists internet domain registries in fight against coronavirus scams is the article from CyberScoop that should be read. Also in this thread, Krebs on Security has an article entitled Sipping from the Coronavirus Domain Firehose, which was posted on the 16th.

Both of these articles are well written and can be viewed as different viewpoints. Have you read these articles, and what did you think of them? I hope that this finds you well.

Comments (1)

There’s plenty of NSO vs. Facebook; who is telling the truth?

In an article I read on the 25th of April, Facebook is allegedly pointing at this Israeli group doing things they aren’t supposed to do. The other side is saying they did no such thing.

CyberScoop has more on this that I’ve not yet read, but this is bad enough.

Lawyers for WhatsApp’s parent company alleged in documents filed Thursday that NSO Group, the Israeli software surveillance firm accused of spying on over a thousand WhatsApp users, has used U.S.-based servers to launch its attacks.

In court documents, Facebook-owned WhatsApp claims NSO Group used a server run by Los Angeles-based hosting provider QuadraNet “more than 700 times during the attack to direct NSO’s malware to WhatsApp user devices in April and May 2019.”

There are links within this, so you’ll want to read the entire article. What I want to know is whether the two sides can come to an agreement, or what the hell the problem seems to be?

If NSO Group didn’t do any of this, it would behoove them to tell the truth when evidence may point to them doing such things.

CyberScoop: NSO Group used U.S.-based servers to run WhatsApp spying, WhatsApp alleges


Who is World Wired Labs?

I thought that Krebs on Security wrote articles similar to this, but this one came from CyberScoop. The question is: Who is World Wired Labs, and why are they selling an Android trojan? I want to know why we are continuing to have these types of problems when the Google Play Store has apparently become more apt at this type of thing and denies apps that are meant to cause harm.

A company advertising a remote access tool frequently used by criminals and nation-state hackers may be serving as a front for a Chinese hacking group, according to new research published Tuesday by BlackBerry Cylance.

Links throughout the article mean I won’t copy any more of it here, but the apps in question are not what they claim to be.

I’ll leave you here, and you can find more info by reading the article, which asks: Who is World Wired Labs and why are they selling an Android trojan?

Comments (1)
