
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


The Security Box, podcast 34: The Rest of Keylogging, news, notes, note takers and their security, a very interesting video and more

This week had no listeners on the live recording of today’s program but that’s OK. It is going to happen. I present you program 34 and its accompanying show notes for you to enjoy. If you have comments, please feel free to contact me.

Here is the 130.94mb file for everyone to get. It's on the RSS feed already.

Here are the show notes.

Welcome to podcast 34 of the Security Box. On this edition, we’ll pick up where we left off on the Key Logging aspect of our discussion and we’ll have news, notes, commentary and more. We also have something from Michael in Tennessee who sent us a video of 12 Android apps you must get rid of. Some of these are quite interesting. Hope you enjoy the program as much as I enjoyed bringing it together for you.

Topic: Continuing Key Stroke Logging

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different headings include, but are not limited to: application, software-based keyloggers, keystroke logging and writing processes, related features, hardware-based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I enjoy bringing it to you.

News Notes and More

  • This Tech blog post: Wetransfer has now joined the services that can be and has now been abused for Phishing Lures covers my thoughts on this and gives an example of a link that is valid versus the link that they show that is not valid and could lead to some big time problems. Zloader is the malware out there and I link and will link to the article from Phishlabs Surge in ZLoader Attacks Observed so that you can read my thoughts, or just decide to read Phishlabs coverage on this.
  • Looks like Lastpass is offering the ability to allow people to use SMS or voice calling for their second factor. I’m a little bit confused because I thought we can select it as well as our already existing two-factor method like the app or SMS already. This is the best thing that can come out of it, having a second factor of your choosing. LastPass Now Offers the Flexibility to Authenticate Into the Vault & Single Sign-On Applications With SMS Passcode, Voice Call or YubiKey is the article, please check it out.
  • Security Now, podcast 808 is being listened to, and they’re talking about the Solar Winds password which was solarwinds123. This password was used to log in to one of their servers. According to the new CEO, this password was used from 2017 until it was changed in 2019, roughly two years after it was first used. The old CEO said it was an intern who set that password and it was changed upon discovery of it being published on a GitHub page.
  • Speaking of Solar Winds, there are apparently three more malware strains of this out there on the internet. Tim Starks, the writer for Cyberscoop, goes on to talk about these new strains. Fireeye called one of them SunShuttle, while Microsoft named two more strains GoldFinder and Sibot. Microsoft’s name for SunShuttle is GoldMax. Researchers uncover three more malware strains linked to SolarWinds hackers is the article on this latest development and we’re still quite involved in this one.
  • There are articles out there that talk about Microsoft having trouble with their Exchange server. According to one of the articles, there are 4 such holes in Microsoft’s software that have been patched the week of March 6, 2021.
  • Another payroll company has been hit, this time in the ransomware department. The article was written by our good friend Mr. Krebs and the response is typical of a ransomware attack. They also do HR work as well. According to the article, they have processed at least $80 billion in payroll money. They had hoped to have operations back up within a matter of days, but numerous PEOs, as they’re called, were affected by the outage. PrismHR is the best thing out there according to the article, as other options have different issues that are documented. For complete details, check out the article Payroll/HR Giant PrismHR Hit by Ransomware? as there is more than what is being documented here.
  • The hackers are also getting hacked. Talked about also in a recent podcast of the Cyberwire, Krebs is getting some well deserved recognition on this one. The Cyberwire names a fourth in their coverage, but when I read this article, I just had to chuckle on this one. There are definite indicators this is true including a private encryption key, ICQ numbers, and possibly more. The article Three Top Russian Cybercrime Forums Hacked should be read for more.

Other things

  • Michael in Tennessee sent me 12 Android Apps you need to get rid of and we’ve got this video. These are some scary things the gentleman talks about in here, better watch what you’re getting out there in Android world.

End of program


Samsung fixes critical Android bugs in March 2021 updates

This week Samsung has started rolling out Android’s March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.

Source: Samsung fixes critical Android bugs in March 2021 updates

If you use Android and are supported by Samsung, time to update. Besides that, Windows has their share of updates but that’ll be coming in a blog post later today. Michael talks about the Samsung phones being good for their updates, and above is a blurb from Bleeping Computer and a link to read the full article.


Vulnerability summary for the week of March 1, 2021

This is the link to the March 1st vulnerability summary and there is yet another 10 at the bottom of the high section. Several Google Android listings in this one. If you find something that affects you, take note of it.


Vulnerability summary for the week of February 22, 2021

I’m finally getting around to looking at the vulnerability summary for February 22, 2021 which was received on March 1st. There is one item that is a 10, which is the highest CVSS score you can get. Several other names may be familiar to some including Adobe, but the 10 is the last one in the list that I saw. You might want to peruse the list and determine if something affects you.


BARD and Older iOS Devices

The following was sent to the BARD email list. The JRN is passing this along for those who are not on this list. Please contact NLS or your library for more information about the following announcement. It is between the ruler markers.

With regret, we write to confirm that BARD no longer supports iPhones, iPads, and iPod Touch devices running any version of iOS earlier than 11.0. NLS staff worked hard to find a way around this situation, but after an exhaustive search, we have found none. We realize that, especially in these difficult times, this poses a very real hardship for some of you, since the only solution for continuing to use BARD Mobile is to purchase a newer device. You can find a list of all devices that run iOS 11 at this apple support page.

Any newer iOS device will also work. Since the current version of iOS is 14, some of these devices are quite inexpensive.

There are many low-cost Android devices and Fire tablets, also known as Kindle Fires, that can run BARD Mobile as well. If you opt for one of these, make sure that the Android device is running Android OS 7 or later, or that the Fire is running Fire OS 7 or later, which means eighth generation or later.

If replacing your iOS device is not an option for you, we can suggest a couple of alternatives:

  1. If you have access to a computer, you can download books and transfer them to a flash drive or cartridge for use with the free NLS Digital Talking Book Player available from your regional NLS library. If your computer is running Windows 7 or 10, BARD Express makes downloading books and copying them to flash drives particularly easy. Follow the BARD Express link on the BARD main page to learn more.
  2. If you don’t have access to a computer, you can ask your regional library to mail cartridges to you with books of your choosing that you can play on that same player. If you like, your library can copy books from a series or multiple books by the same author to a single cartridge.

For more information regarding either of these options, please contact your regional NLS library. You can obtain contact information by following the link “Find Your Library” at the NLS main web page.

We apologize for any inconvenience or hardship this situation has created for you and hope you will find a way to continue enjoying BARD.


The BARD Support Team

We hope this information is of value to users, and thanks for reading!


iOS and watchOS have updates

Hi all,

I was perusing Applevis on my telephone last night, and they had a post about iOS and watchOS updates which cover security things. For full information, please read their post and I hope that this information is of value to you all.


This week in Security news, news ending February 26, 2021

I know I’m quite behind in doing a lot of reading, but I happened to come across this digested read dealing with some news in the security field, and I thought it was time to go through and see what’s going on.

Apparently, Facebook, Twitter and other visual apps that the sighted use are vulnerable to problems, but now so are audio apps including the newly popular app called Clubhouse. Several blind people I know or know of have it, and one recently sent me an invite which I never received. Be that as it may, I’d be interested to read this one, and I see it in the Trend Micro archives that I need to read.

Over 10,000 users were recently hit in a fed-ex lure where people who get this type of email can get bitten with whatever the actor decides to throw at them. Always know if you’re receiving a package. These lures are back!

We’ve talked about double extortion before on several episodes of the Security Box, but have we talked about Nefilim? It doesn’t sound familiar, but Trend Micro has the lowdown on this one.

Sit down, don’t listen to anything else, turn everything off, because I’m going to tell you something that even I was shocked by when I read this. The headline linked says that there were 119,000 threats per minute. Think about this. According to the blurb under the headline:

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. That averages out to 119,000 cyber-threats per minute. Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.

Is this something to sneeze at? This article wasn’t written by Trend Micro, so I’m going to have to read this one.

There are 4 different hacking groups according to an article that are hitting critical infrastructure and these are apparently new ones.

According to another article, Android users now have a way to check on the security of their passwords. Android hasn’t seemed too keen on security, but now we learn they have something? I know Lastpass can already do this browser-extension wise and I’m sure there are other password managers that can do this.

There are 6700 VMware servers exposed to a new bug, according to the news. This can’t be good.

Find something in the blog post by Mr. Clay you want to discuss? Let’s hear from you! This Week in Security News – Feb, 26, 2021 is the article, let the comments flow in!


Here’s some lastpass news about other authenticating options for a better secure account

I was recently reading my news, and came across something from Lastpass that is of interest. Apparently, they are now allowing a second factor of authentication to be added in case of the loss of your phone or other issues that might make you need it.

LastPass now provides the flexibility to authenticate into the LastPass vault and configured single sign-on (SSO) applications with SMS passcode, voice call or YubiKey.

LastPass delivers both personal and business customers with the flexibility to authenticate into the LastPass vault using any cell phone or landline via voice call and SMS passcode authentication. For LastPass customers who are not able to consistently use the Authenticator mobile applications, voice call and SMS passcodes will now allow them to add secondary authentication on top of their LastPass vaults to ensure their credentials remain secure.

In addition, LastPass is also releasing voice call, SMS passcodes, and YubiKey support for business customers accessing single sign-on applications configured in LastPass. This provides additional options for LastPass users who may not want to use a hardware token to authenticate into their cloud applications.

There is a section for home and for other users too. It seems as though you can choose between what you want to use within your account, but on reviewing the article, I’m unclear on whether you select voice call for example and it disables the authenticator, which I don’t necessarily want to do. If I were having trouble and I couldn’t use the authenticator, then it could revert to voice or SMS, but it seems that I’m totally unclear on this, so just read the article: LastPass Now Offers the Flexibility to Authenticate Into the Vault & Single Sign-On Applications With SMS Passcode, Voice Call or YubiKey for all of the details that I have.


2.275 of Braille2000 is now out!

Problems addressed

  • In UEB, when translating digits followed by some punctuation, a surplus G1 indicator is added to the braille after the digits. The translation rules were fixed.
  • When using a flash drive Key, having a similar commercial flash drive also plugged in causes the license Key to fail as if it is not there. The read logic for the flash drive Key was updated to interrogate all USB flash drives connected to the computer (not just the first one of the right type).
  • The UEB Special Symbols template contains all symbols mentioned in Formats Appendix G. Normal punctuation symbols have been removed from the template (deleting them was a nuisance) and some additional symbols have been added.
  • Some BRF files opened with a Discrepancy Report (that in theory should not be possible; only ABT and B2K files contain dual representations that might, at times, differ). A layout bug was responsible, and has been repaired.
  • Using “Send To” and “Embossing Manager” (via right-click to a braille file) might show the Discrepancy Report dialog and/or the Select Braille Code dialog, neither of which is needed just to emboss the file. The Discrepancy Report and Select Braille Code dialog boxes are now suppressed when using the Embossing Manager. If an ABT or B2K file should happen to have discrepancies, the Embossing Manager automatically uses the Braille Only option to emboss from the internal braille notation, exactly preserving the output obtained previously.
  • Other fixes

To get 2.275, run the panel file management, check for updates option and follow the instructions. Contact anybody at Braille2000 through jaredrimer.info’s B2K as a blind person web page and someone will assist you.

We haven’t had an update in a while; it’s nice to have one. It’s only several days old, so go get it! We’ll be here to help.


Wetransfer has now joined the services that can be and has now been abused for Phishing Lures

I guess we can add wetransfer, the newest file transfer service that I was made aware of, to the list of services that criminals are using to get their wares out.

https://we.tl/t-ZR52D6sDAm is a link to the last available technology podcast which was number 359 of that series. I had been meaning to record, but other things came up and of course the Security Box came up.

According to a recent article, there is a different type of link that the actors are using to get their wares out.

In the legitimate wetransfer email, the sender matches what you’d get from wetransfer. The subject line reads “<email address> sent you files using wetransfer”.

The legitimate file transfer will explain what the file is by giving you the description of the file, like you’ll see through the clickable link.

The link in this article will not be linked but it is: hxxps://wetransfer[.]com/downloads/52d55eeb42591d9ebbffe5326326858320210218183005/8b80cbbd9c1b8f7695b8de69e995ebee20210218183005/8c0cd5?utm_campaign=WT_email_tracking&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email and is a lot longer than the URL that is linked above.

The download button is on the web page of wetransfer’s legitimate links, not in the link like you see here.
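When a link like the one quoted above turns up in a suspicious email, the first thing an analyst does is take it apart rather than click it. The following is an added example, not code from this post: a small Python helper that refangs a defanged IOC (`hxxps://`, `[.]`), parses it, and reports whether the host is a genuine wetransfer domain, whether the scheme is HTTPS, how deep the path is, and which `utm_` tracking parameters are attached. The allowlist of wetransfer hosts and the lookalike host in the sample input are my assumptions for illustration; the two wetransfer URLs are the ones quoted in the post.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist of hosts that belong to the real service (assumption,
# not taken from the post): the short-link host and the main site.
LEGIT_HOSTS = {"wetransfer.com", "we.tl"}


def refang(ioc: str) -> str:
    """Turn a defanged IOC back into a URL that urlsplit can parse."""
    return (ioc.replace("hxxps://", "https://")
               .replace("hxxp://", "http://")
               .replace("[.]", "."))


def host_is_allowed(host: str, allowed: set) -> bool:
    """True only if host is exactly an allowed domain or a subdomain of one.
    A substring match would be fooled by 'wetransfer.com.evil.example'."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def assess_link(ioc: str) -> dict:
    """Summarise the parts of a (possibly defanged) link an analyst cares about."""
    parts = urlsplit(refang(ioc))
    host = parts.hostname or ""
    query = parse_qs(parts.query)
    return {
        "host": host,
        "host_allowed": host_is_allowed(host, LEGIT_HOSTS),
        "scheme_https": parts.scheme == "https",
        "path_depth": len([seg for seg in parts.path.split("/") if seg]),
        "tracking_params": sorted(k for k in query if k.startswith("utm_")),
    }


# Sample inputs: the short link and the long download link quoted in the
# post, plus one constructed lookalike host (hypothetical, not observed).
SAMPLES = [
    "https://we.tl/t-ZR52D6sDAm",
    "hxxps://wetransfer[.]com/downloads/52d55eeb42591d9ebbffe5326326858320210218183005/"
    "8b80cbbd9c1b8f7695b8de69e995ebee20210218183005/8c0cd5?utm_campaign=WT_email_tracking"
    "&utm_content=general&utm_medium=download_button&utm_source=notify_recipient_email",
    "hxxps://wetransfer[.]com.example-download[.]invalid/downloads/abc123",  # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        report = assess_link(sample)
        verdict = "known host" if report["host_allowed"] else "NOT a known host"
        print(f"{report['host']}: {verdict}, path depth {report['path_depth']}, "
              f"tracking params {report['tracking_params']}")
```

The host check is the part worth copying: it compares the registered domain exactly or as a proper suffix, so a constructed host such as `wetransfer.com.example-download.invalid` is rejected even though it contains the real name. The tracking-parameter list is informational; a long download URL with `utm_` parameters is what the post quotes, so the presence of those parameters alone is not evidence of phishing, which is why the function reports rather than judges.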

The other two domains used are box.com and Google Documents, just to add insult to injury. According to box.com, they’re a collaboration tool, and of course we know well about Google Documents, which has been used for things like this for many years.

ZLoader was known for being a banking trojan, but it seems now to be picking up where other malware families got dropped.

Want to learn more? Surge in ZLoader Attacks Observed is the article. It is written by PhishLabs’ Jessica Ellis. Do read the article, it is definitely worth the read, and thanks for listening and reading!

P.S. The link to podcast 359 linked here expires in one week.


The Security box, podcast 33: Continuing where we left off with part 2 of the Keystroke logging topic and more

Hello folks,

Welcome to another edition of the Security Box. The RSS feed now has the program. Do you not want to deal with RSS or you can’t for any reason? Here is the 140.88mb file for you to get.

The RSS feed has the bulk of the show notes, but the show notes will be included here in full, including the full news notes segment which could not be included there.

Here are those show notes.

On this podcast, we continue where we left off with our Key Logging topic, and we’ll also have news, notes, questions, comments and concerns. Hope you’ll enjoy the program as much as we have putting it together for you.

Topic: Continuing Key Stroke Logging

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different headings include, but are not limited to: application, software-based keyloggers, keystroke logging and writing processes, related features, hardware-based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I enjoy bringing it to you.

News Notes

  • According to an article found through Twitter from a site called WSLS, Kroger is reporting a breach dating back to December. They’re notifying people because some employee data may have been accessed; however, the grocery and pharmacy chain, which is based in Ohio, indicates that no physical store was ever affected. The breach was through a third-party file transfer service I’ve never heard of called FTA. Accellion, the makers of FTA, indicate their file transfer product was patched even though the version used was 20 years old and is approaching end of life support. Kroger is latest victim of third-party software data breach has the complete details.
  • Scandinavian Airlines is among the victims of the Solarwinds breach, reports DN. This comes from Mikko Hyppönen of F-Secure, who translated the tweet and quoted an account on Twitter that links to an article. Using Chrome and translating the page, I’m not getting a good read on it except that it’s a potential backdoor attack. If there is an article in English, please let us know. I’m not linking to the Norwegian article since most of my readers may not understand it.
  • On February 22nd, I came across an article via the Lastpass blog that may be some days old but very valuable. The free service is changing quite a bit starting in March. The author, Dan DeMichele, goes into detail on what is changing and it is very important for people to read it. The Tech blog also has this posted on the day mentioned and it’ll be linked here in the show notes for people. Quoting a paragraph it says:

    We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type. 

    Examples are given on each, and they allow you a $9 discount if you upgrade before March 16th. Also going away is the free technical support. While I only utilized support sparingly, once was when I got my new phone and I needed their help to disable two factor. To learn more: Changes to LastPass Free is the article, feel free to read all of the details on this.

  • I’ll never think of Apple Juice as a juice that I enjoy again. While I like the drink apple juice, we’re not talking about the juice now, we’re talking about a piece of malware that seems to have popped up again, as CISA has gone ahead and issued an AA advisory and 4 MAR21’s in regards to this. According to 48A under targeted nations, it says:

    HIDDEN COBRA actors have targeted institutions with AppleJeus malware in several sectors, including energy, finance, government, industry, technology, and telecommunications. Since January 2020, the threat actors have targeted these sectors in the following countries: Argentina, Australia, Belgium, Brazil, Canada, China, Denmark, Estonia, Germany, Hong Kong, Hungary, India, Ireland, Israel, Italy, Japan, Luxembourg, Malta, the Netherlands, New Zealand, Poland, Russia, Saudi Arabia, Singapore, Slovenia, South Korea, Spain, Sweden, Turkey, the United Kingdom, Ukraine, and the United States

    There are many versions listed here including: AppleJeus Version 1: Celas Trade Pro, AppleJeus Version 2: JMT Trading, AppleJeus Version 3: Union Crypto, AppleJeus Version 4: Kupay Wallet, AppleJeus Version 5: CoinGoTrade, AppleJeus Version 6: Dorusio, and AppleJeus Version 7: Ants2Whale. Several of these have Windows and Mac components as well as cryptocurrency information within the AA. The MARs have not been read by me, but I suspect they go into detail about the specific ones. The MAR emails were all raw HTML based but everything is linked below.

There may be more, check the blog for things that may be of interest, and stay safe.

Enjoy the show!


Vulnerability summary for the week of February 15, 2021

This is the Vulnerability summary for the week of February 15th. As predicted, the FTA product was listed, and there are other items in there that may be of interest. I am not going to do a vulnerability summary report this week, because I don’t think most apply to the listenership of the box. It’s going to be an interesting show, but this won’t be there. Click the link to learn more and see if something applies to you.


Got Lastpass? Better read this for important free vs. paid options

I don’t know how old this article is, but I was looking at my RSS feeds today and found this Lastpass blog post we’ll be linking to talking about free vs paid options.

The long and the short of the announcement: those of us who use Lastpass for free will soon lose the ability to log in using multiple device types like phone vs. computer. The free product will now be tied to the type of device, i.e. computer, laptop, phone, tablet, etc., instead of unlimited.

I’m saddened by this, because there are people who can’t afford a product like this who may utilize multiple devices. If you have ditched the computer and mainly use the phone for everything, then the phone/tablet/watch option may just work for free for you.

I’m not going to judge which product you use, and why. As discussed in many circles, it is important to use a password manager nowadays because of the complexity of security and the numerous breaches that we have had to deal with within the last several years.

Want to learn more about Lastpass and their changes? Changes to LastPass Free is the article, and I hope that this finds you well.

P.S. You get about a 9 dollar discount through the blog post or your account if you act before the deadline. I did, I’ve used it for many years.


Kroger is latest victim of third-party software data breach

Kroger Co. says it was among the multiple victims of a data breach involving a third-party vendor’s file-transfer service.

Source: Kroger is latest victim of third-party software data breach

I guess this shouldn’t be surprising, seeing the many companies coming out after the massive Solar Winds breach. While this isn’t Solar Winds related, the grocery chain may consider itself very lucky because its stores themselves are not affected as far as they can tell. Guess we’ll have to watch this one, and see what eventually happens.

Do feel free to reach out if you have comments on this one.


Technical debt rising after buying in to things not really needed

I had a chance to read an article that Shaun sent me some time ago, and I think he posted the link on this blog. This was definitely a very interesting article about how technology companies, or even companies in general, needed to buy things due to the pandemic, yet they really don’t need them. It may have been short term.

If you want to learn more, read this article out of New Zealand: Firms’ technical debt rising after lockdown rush for digital upgrades – report and thanks for reading!


The Security Box, podcast 32: Part 1 of Keystroke Loggers

Hello folks,

On this edition of the podcast, we start a discussion of keystroke loggers. As indicated in the last podcast announcement, we do have some tracks, but they’re short and don’t take a lot of time. The program is still much shorter than the program’s broadcasting length on the mix, and we’ll see how it goes for podcast 33. We’ve got news, notes and more. I’d be interested in what people think of our “things to ponder” segment which starts the program. Thanks so much for listening!

Don’t want to deal with the RSS feed? No problem! Here is the 141.06 file for you to download.

Now, without any further ado, here are the show notes for this program, and thanks so much for listening, reading and participating!

Welcome to the security box, podcast 32. On this edition of the program, we’re going to talk about keystroke loggers. I found a Wikipedia article which is detailed and there is a possibility that this goes into multiple weeks. We’ll also have news, notes, questions, comments and even a “things to ponder” segment to boot.

Topic, Keystroke logging:

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different headings include, but are not limited to: application, software-based keyloggers, keystroke logging and writing processes, related features, hardware-based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I enjoy bringing it to you.

Things to Ponder

During last week’s program, we were still learning about the possible issue in a small town in Florida that could’ve had some serious problems with its water supply if it weren’t for a worker noticing something as simple as a mouse moving. In this things to ponder segment, I talk about what we’ve learned to date, and it’s quite interesting. To date, I have two sources you can read more from, one an article by our good companion Brian Krebs, the other from CISA. You should read them both, and of course listen to what my thoughts are and participate.

I hope you’ll participate in this interesting story.

News, notes and more:

This is the news, notes and other commentary from around the web. Where appropriate, links to any articles may be possible.

  • I was told on February 15th about a 60 Minutes piece on Solar Winds and the potential hack, or lack thereof, where the Russians were possibly involved. On my own Internet Radio show for Sunday, I talked about one such story where a tech story like this was found on my local news site KNX some month after I saw it in publications like Cyberscoop. It doesn’t necessarily surprise me that Solar Winds was covered on 60 Minutes; it is a nationally syndicated program and is well respected. I respect them, but this is now old news, and yet I don’t know what they really had to say about the attack so I can’t comment further.
  • While I’ve not been blogging like I really should, we can’t skip Patch Tuesday. Besides Windows, it’s a good idea to check for updates on other software such as Adobe Reader, and even software you use on a more frequent basis. As is usually the case, Trend Micro and Krebs on Security are the two places where I get coverage on the patches. If you have not gotten your updates, you should be soon. Please reboot if necessary. For February, there were 56 vulnerabilities, according to Krebs. 9 of these are the most critical, according to the article. To date, over 1700 CVEs have already been disclosed this year. The notable CVE this time, CVE-2021-1732, affects Windows 10, Server 2016 and later. According to Trend Micro, 7 of the vulnerabilities were disclosed via the Zero Day Initiative (ZDI) program. According to the Trend Micro article, 3 out of the 9 critical issues are in networking aspects of Windows. Please read Microsoft Patch Tuesday, February 2021 Edition and February Patch Tuesday Fixes 11 Critical Bugs for complete details.
  • While Emotet was dismantled, as well as other gangs, we can’t let our guard down. There are other things out there that can take its place, or it could even be used as a stepping stone to other attacks across your network. According to the article, a paragraph states:

    In 2020, Emotet, Trickbot, and ZLoader were the loaders of choice for actors, contributing to 78% of the overall loader volume. 

    In 2021, Trickbot and ZLoader are still being used according to Phishlabs. Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In should be read for the complete details. According to the Cyberwire Daily, it seems as though Emotet is still going, even though infrastructure was disrupted by arrests of people.

  • While I’m behind on Trend Micro’s week in security postings as of late, I did come across some good news for a change, which I always like to cover. The most recent article I’ve read in regards to arrests and seizures of infrastructure and domains deals with the NetWalker ransomware gang. This is an article that our good friend Mr. Krebs covers. He describes what Netwalker is up to, the fact they are a ransomware as a service (RaaS) and how the domain or multiple domains were used. It’s well worth the read, so check out the article Arrest, Seizures Tied to Netwalker Ransomware for all of the complete details.
  • Speaking of arrests, I read an article back on the 10th talking about the arrest of people involved with a phishing kit. According to this article, this phishing kit had a web control panel that would give you information as well as access to phishing templates and the like. The article Arrest, Raids Tied to ‘U-Admin’ Phishing Kit should be read for all of the complete details.
  • I don’t believe Facebook for one minute. According to an article, Facebook, TikTok, Instagram and Twitter will target stolen accounts. How, I’m not exactly sure, but Facebook has been known to allow this type of thing. Instagram is part of their brand now, but I could see TikTok and Twitter having a stance. The article was written by Mr. Krebs, and it’s a good article to read. The article talks about how these accounts are taken from legit users. The TTPs include but are not limited to: besides intimidation and harassment tactics, they use hacking, coercion, sextortion, SIM swapping and swatting. There is a forum called OG users which Brian covers in this well written article, and I urge everyone to read it. Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts is the article.

Lots to read and comment on, let your voice be heard!

The Security Box, podcast 31 February 10, 2021

It looks like I have neglected to post show notes for some programs, so it’s time to catch up on this. The Security Box has been uploaded, but I’ve neglected to post the notes.

On podcast 31, we pick up where podcast 30 left off on the domain discussion. We also covered news, notes, questions, comments and more.

Do you not want to deal with the RSS feed because you can’t or don’t know how? Here is the 103.03mb file and we hope you enjoy it.

The podcast is much shorter than the program as we started playing less music within our program to comply with my other podcast. While podcast 32 plays some tracks, they are short tracks.

Here are the show notes for podcast 31 of the podcast, and again, thanks for listening!

Welcome to the security box, podcast 31. On this podcast, we’re going to continue the discussion of domains with several different things that we couldn’t get to from last week. Also, we’ll have news, notes, questions, comments and more. I hope you enjoy the program as much as we have putting it together for you.

Domain discussion:

Part of running a domain today is security certificates. These certs are called SSL certificates, or what is now known as TLS. We have to remember that the terms SSL and TLS are used pretty much interchangeably; keep that in mind.

When I first started reading Phishlabs, they were indicating that phishing sites were not much into security, as the ultimate goal was to get their wares out, not necessarily to be secure. That’s when we learned through newsletters that looking for the padlock or HTTPS was the sign we’re secure. This is not the case anymore. This is because several years ago, a certificate authority called Let’s Encrypt came up with an automated way of issuing the domain-validated certificates that would be used for this purpose. The 200,000 web sites for August and September were unique sites, according to the article. It also states that SSL encryption for phishing sites overtook SSL deployment for general websites. We also have a 10 percent increase in BEC attacks that originate from free webmail accounts such as Hotmail, Outlook, MSN, mail.ru and possibly others.

According to the web site for Let’s Encrypt:

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).

According to the article, 80 percent of phishing sites now have some form of SSL certificate installed, up from the 74 percent I last saw. We’ve been covering this trend on the tech podcast; I remember when it indicated it was in the 50 percent range. This is higher than most general websites, says the article. According to it, a survey from Q-source found 66.8 percent of web sites use SSL.

“Not surprisingly, most SSL certificates used by phishers were Domain-Validated (DV), which is the weakest form of certificate validation,” said LaCour. There are three types of SSL certificates, and DV certificates can be issued quickly, through an easy verification process. Of more than fifty-three thousand SSL certificates observed by PhishLabs, 91.3 percent were Domain-Validated.

Generally, PhishLabs found that cybercriminals are using free certificates. In Q3, 40 percent of all SSL certificates used by phishers were issued by the same free certificate authority, Let’s Encrypt.

According to the article, registrars are partly to blame for the increase in phishing, as there is limited action. Phishing has gone up sharply since March of 2020, and my article talking about one such phishing attack got something done. I sent the blog post linked here over to Mr. Krebs, and also called the provider I use. I called them up after doing some lookups and mainly inquired as to whether they could help. As of Friday, February 6th, 2021, the domain emailhostsecurity.com is now suspended, though I don’t know when this officially occurred. The blog post linked here has the email that was sent to me, and I believe I talked about this on either the Security Box or the main tech podcast.

According to the article, it says:

An average of 500 brands were targeted by phishing each month over the course of Q3, with SaaS remaining the most frequently attacked industry, targeted 31.4 percent of the time.

Under the Business Email Compromise section of the article it says:

The report also found 16.3 percent of BEC attacks involved domains registered by the phishers, with most originating from five registrars: Namecheap, Public Domain Registry, Google, Tucows, and NameSilo.

50 countries and 64 million dollars in potentially stolen funds later, criminals have been identified in one year alone.

For the full details of the report and any links read: APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS and let’s discuss.

Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable organizations and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery.

Look-alike domains are intentionally misleading to give customers the false impression that they’re interacting with trusted brands, leading to significant reputation damage, financial losses, and data compromise for established enterprises. The process of creating an attack is inexpensive, and if threat actors move quickly to evade detection, they can make a large return on their time and money.

Millions of internet users are targeted with look-alike domains each year. The article has a graph that shows only a sampling of at least 50,000 threats that Phishlabs has observed.

The most common use of a look-alike domain is to set up a Website with Monetized Links. This approach is not necessarily malicious, yet it accomplishes multiple objectives:

The article goes on and says:

The registrant parks a domain and capitalizes on visiting traffic by adding monetized links. The link topics are typically related to the impersonated brand’s keywords, increasing the probability that visitors will click through to the destination website.

They let a domain “age” before using it. Most scammers typically use new domains quickly, yet some will maintain them for weeks or months. Recently registered domains garner low reputation scores and are a telltale sign of malicious activity, making them targets for security teams.

I believe that is why my incident was handled, as when I looked it up, the domain was only 4 days old!

There is much, much more in this article that we could spend a long time quoting and discussing it. I now invite you to read: The Anatomy of a Look-alike Domain Attack for all of the complete details. If something sticks out at you, please discuss it.

We aren’t going to cover this one, but another article in this series is Look-alike Domain Mitigation: Breaking Down the Steps if you wish to take a look at it. It’s a long process, and I think it needs more work.
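As an added example (not code from the PhishLabs articles this post links), here is a small Python triage script that combines three signals discussed above: how close the domain label is to a protected brand after folding common look-alike characters, how recently the domain was registered, and whether its certificate is a free domain-validated one. The brand list, allowlist, thresholds and records are all constructed assumptions, not real observations.

```python
"""Look-alike domain triage: added example, not code from the linked articles.
Signals: label close to a protected brand, recent registration, free DV cert."""
from datetime import date
BRANDS = ["paypal", "microsoft"]              # assumed protected brands
LEGITIMATE = {"paypal.com", "microsoft.com"}  # assumed allowlist of genuine domains
FREE_DV_CAS = {"Let's Encrypt"}               # free CAs issuing DV certs (assumed set)
NEW_DOMAIN_DAYS = 30                          # "recently registered" threshold
OBSERVED_ON = date(2021, 2, 6)                # day of the constructed observation
HOMOGLYPHS = str.maketrans("013$", "oles")    # fold 0->o, 1->l, 3->e, $->s

# Constructed records: (domain, registration date, cert issuer, validation type).
RECORDS = [
    ("paypa1-secure.com", date(2021, 2, 2), "Let's Encrypt", "DV"),
    ("micros0ft-login.net", date(2020, 9, 1), "Let's Encrypt", "DV"),
    ("example.org", date(2010, 3, 15), "DigiCert", "OV"),
    ("paypal.com", date(1999, 7, 15), "DigiCert", "EV"),
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_match(domain: str) -> str:
    """Brand the first label imitates after homoglyph folding, or '' if none."""
    label = domain.split(".")[0].translate(HOMOGLYPHS)
    for part in label.split("-"):
        for brand in BRANDS:
            if edit_distance(part, brand) <= 1:
                return brand
    return ""

def score_domain(domain: str, registered: date, issuer: str, validation: str) -> dict:
    """Count the risk signals present; 0 means nothing suspicious was seen."""
    reasons = []
    if domain not in LEGITIMATE:          # never flag the brand's own domains
        if brand := brand_match(domain):
            reasons.append(f"label resembles brand '{brand}'")
        age_days = (OBSERVED_ON - registered).days
        if age_days < NEW_DOMAIN_DAYS:
            reasons.append(f"registered only {age_days} days ago")
        if validation == "DV" and issuer in FREE_DV_CAS:
            reasons.append(f"free DV certificate from {issuer}")
    return {"domain": domain, "score": len(reasons), "reasons": reasons}
```

The DV-certificate signal on its own is weak, which is the post’s point: with most phishing sites now carrying a valid certificate, the padlock proves nothing about who is behind the site.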

News, Notes and more

  • There are a couple of items I heard about in the February 3rd episode of the Cyberwire. First, SolarWinds has more problems with their software, which they have fixed, but the most important thing in this episode is that the initial breach of 2020 actually could’ve started as early as December 2019, when it has been reported that SolarWinds had one of their Microsoft 365 accounts compromised. We’re continuing to hear more, and you can search this out if you wish to learn more.
  • It looks like Facebook has changed their mind about collecting metadata for now, according to the same episode of The Cyberwire. I’m not sure I fully buy that, but if they’re going to use metadata, let them have at it, I say. Besides that, it looks like Facebook is going ape because Apple will be putting a feature into iOS that will allow us to tell apps whether they can identify us by our tracking ID. Mr. Zuckerberg says that Apple is dominating the ecosystem, and if I could read between the lines during the interview in that episode, he’s not too happy, as it hurts their bottom line. The person interviewed indicated that it is about time and that it has been in the works for a while, even though Facebook and others may say that it was the events of January 6, 2021 that sparked this.
  • Security Now podcast 804 has a ton of stuff that might be of interest. The very first segment talks about certificate authorities and the latest one, Camerfirma, being knocked off the trusted list by Google Chrome starting with release 90, which will be released in April 2021. According to Security Now, there were multiple issues which the company said they’d fix between 2017 and 2020, yet they were never fixed. Please listen to Security Now program number 804 for complete details on some of what was wrong. Through the years, the technology podcast as well as Security Now have mentioned and talked about other authorities misbehaving. Even Symantec, the makers of Norton, signed certs and failed at times. It’s OK to make a mistake, but being a certificate signer is a privilege, not a right.
  • A company I’m not familiar with, called Nox, who makes some sort of player, may have been compromised, with updates that were malicious in nature only making it out to a subset of its customers. The company says there is nothing wrong, according to Security Now, so people who use this player had better do their due diligence and make sure their device from this company is not infected.
  • SANS NewsBites is reporting that school districts can get some help with their cybersecurity. The blurb from the newsletter says: “IBM has announced a $3 million grant program to help US school districts protect their systems from ransomware. IBM will award $500,000 in-kind grants to six school districts, which will be chosen through an application process. The applications opened on February 4 and close on March 1, 2021. Teams from IBM’s Service Corps Program will “help [the selected schools] proactively prepare for and respond to cyberattacks.”” Let’s see what happens! SANS NewsBites links to multiple articles; see the link to the newsletter on the blog.
  • According to The Cyberwire Daily, Feb 4, 2021: Zoombombing is being done by high school and college students who are bored and want to “piss off the teacher.” It may not have started that way, but the Cyberwire says that most of the problems now are with the kids.

Blind Bargains report that the ID mate is being discontinued

Hello folks,

It’s never great to share a little bit of sad news. I’ve contemplated buying this device, but with my phone it isn’t necessarily necessary, because there are bar code readers as part of apps like Seeing AI and maybe others.

The post I’m linking to is 3 days old, and I look from time to time to see if any news of interest could be passed along to my readers. Joe does a great job of disseminating the information in the post.

The item The I.D. Mate Is Being Discontinued should be read from Blind Bargains’ Joe Steinkamp for complete details.

I know that people may not have the necessary means to get a device, whether a smartphone or this device. I’m happy that they were able to offer a payment plan for the product, but they aren’t offering that anymore due to the announcement linked here.

I hope that this information is of value to people, and thanks for reading.

P.S. A telephone number for the company is at the bottom of the post linked within.

Apple updating the subscription sheet in iOS 14.5 with clearer pricing and trial information – 9to5Mac

This isn’t very long, but it might be good for those who are confused. I’ve signed up for a couple of subscriptions and it seemed clear, but I’d like to see what it’s like when 14.5 comes out. iOS 14.5 was covered in this past week’s Tech Talk and Music program, and the article they referenced came from CNET, which is pretty good. This comes from 9to5Mac, and while it isn’t long, it looks interesting.

Last week we shared a concept that explored ways Apple could improve the subscription sheet in iOS to help customers better understand what they’re signing up for. The issues with the subscription sheet have been a hot topic lately amongst the community. But tonight the developer behind Launch Center Pro, David Barnard has pointed out […]

Source: Apple updating the subscription sheet in iOS 14.5 with clearer pricing and trial information – 9to5Mac

This week in security news, news ending Feb 12th, 2021

Hi all, I know I’m behind on news from Trend Micro, but there are some items that might be of interest to us.

Instead of doing a complete rundown like I normally do, I’m just going to link to This Week in Security News – Feb. 12, 2021 and let you decide what you want to read and you let me know what you want covered.