Skip to main content
The technology blog and podcast and TSB

The technology blog and podcast and TSB

By Jared Rimer

This is the podcast where I, Jared, talk about assistive technology, security, driving cars, and anything else that may cross my desk. If you wish to contribute, please feel free to contact me through the contact information available on the blog or contact information available in the podcast itself. You may also go to my web site for other public contact information. I look forward in participation and comments from everyone. The Security Box, otherwise known as TSB is a weekly talk show through 986themix.com and our independent channel.
Available on
Apple Podcasts Logo
Castbox Logo
Google Podcasts Logo
Overcast Logo
Pocket Casts Logo
RadioPublic Logo
Spotify Logo
Currently playing episode

The technology podcast, podcast 355: 2020 predictions, what do you think today?

The technology blog and podcast and TSBOct 23, 2020

00:00
01:07:38
TSB 184: PixPirate

TSB 184: PixPirate

Welcome to the Security Box, podcast 184. On this edition of the podcast, we're going to talk about PixPirate. Its an Android application known as a Trojan. It is hard to detect, and its hard to get rid of. Besides this, we'll cover the news, notes and and questions and answers that we may need to take care of.


PixPirate


This time, we're talking about a piece of malware known as a trojan. The article comes from Bleeping Computer and is titled PixPirate Android malware uses new tactic to hide on phones. If you want to read my pick apart on this, this is the blog post that'll let you do that. Its titled: PixPirate uses new tactic to hide on phone.


What do you think of the topic? Have you heard of it before?



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Mar 27, 202403:25:54
TSB podcast 183: An update on Pig Butchering

TSB podcast 183: An update on Pig Butchering

After a week off, we're back with another podcast. We hope you enjoy!


Hello everyone, welcome to the Security Box, podcast 183. On this program, we're going to catch you up on the landscape from the last couple of weeks. We've also got an update on what's going on with our favorite topic called Pig Butchering. Of course we'll take your comments as well and of course those questions. Thanks so much for listening!



Our topic: What's going on with Pig Butchering?


Pig Butchering is not necessarily going anywhere, but there have been some studies and money recovered. The article US moves to recover $2.3 million from “pig butchers” on Binance is the latest article we've seen on the topic.


Of course, we had a topic but seemed to have lost it, but that's what happens some times. This article will be taken apart to help the discussion and of course comments and questions are welcome.


As a side note, we can probably tie this in to Phishing as a whole, as the deployment of the beginning of how this works is an email, text, or other platform of communication. What are your thoughts on that? We even talk about it as part of Throwback Saturdaynight for the 16th in our first segment.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Mar 20, 202402:50:06
TSB podcast 182: Savvy Seahorse

TSB podcast 182: Savvy Seahorse

Hello folks, welcome to the security box, podcast 182. On this podcast, besides the news and notes of the week, we're going to learn about a new potential threat by a new potential actor called Savvy Seahorse. If you've read the blog, you'll already know, but if you only listen to the podcast, this is going to change the way malware is delivered. Of course we'll see what our participants want to talk about as well.


Our Topic, Savvy Seahorse


The article comes to us by our newest partner, Cybernews. Its titled Threat actor uses Facebook to lure victims, sends cash to Russia and covers Savvy Seahorse. This is going to be something we'll need to track, and we'll explain it all.


Let's just say that it uses the Cname aspect of domain hosting. Stay tuned!


If you want to read our blog post on it, Here is that post titled Savvy Seahorse uses facebook for investment scams.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Mar 07, 202403:36:24
The Security Box, podcast 181: Phishing Sites impersonating social media

The Security Box, podcast 181: Phishing Sites impersonating social media

Hello everyone, welcome to the Security Box, podcast 181. In Q4 of 2023, Phishlabs is reporting that a record of phishing sites impersonate social media to target victims. Question for the listener, what do you think you should look for when you get communication that talks about social media before you click, tap, double tap or press enter on a keyboard? We'll have the news and landscape as well as your comments and concerns. We hope you enjoy the show!



News, notes and the landscape



There are other smaller news items, but these might be the bigger ones. If yours isn't on this list, what fancies you? Contact me through jaredrimer.net and let me know. You can also send things to ponder files which can be played as well.



Our Topic: Phishing Sites up and impersonating social media


Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4 comes to us from Phishlabs this week. Let us know what you think good, bad or indifferent.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Feb 29, 202403:05:17
The Security box, podcast 180: Phishing as a Service

The Security box, podcast 180: Phishing as a Service

Hello everyone, welcome to the security box, podcast 180. On this podcast, Phishlabs will guide us through something I don't think we have ever seen. It talks about a service that is a web host service, but it is a completely different type of web host. They didn't classify it as bulletproof hosting, but something called phishing as a service. Two different companies are mentioned. Besides that, we've got news, notes, the landscape and your thoughts. Thanks so much for listening!




Big News of the week, Lockbit


The big news it seems that is coming out this week is talking about Lockbit. Looks like their infrastructure has been taken over by all kinds of law enforcement partners from all around the world. While we don't intend to give you an exhaustive list, here is some of the coverage we know about.




Our topic: Phishing as a service


This week, we're going to talk about Phishing as a service. It is a new concept, and you can probably say it is similar to Ransomware as a service. This week's article is titled Phishing-as-a-Service Profile: LabHost Threat Actor Group and it covers two different hosts. This, will get interesting.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Feb 22, 202403:05:58
The Security box, podcast 179: Romance Scams

The Security box, podcast 179: Romance Scams

Hello folks, welcome to the security box. This is program 179. This time, we'll venture off the path a bit and talk a little bit about romance scams. Instead of using the article as a guide, we'll talk about it in more general terms. Did you know that Valentines Day is one of the biggest times for this type of scam? Besides that, we'll have news, notes and the landscape as we always do. Thanks for listening and make it a great day!



Our topic: romance scams


With Valentines coming, romance scams are going to be on the rise. With Valentines Day coming, its time for the romance scams in full force is a blog post leading to the article we'll use for this discussion although we won't use it like we normally do. We'll use it as a starting point.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow

Feb 14, 202403:48:27
The Security box, podcast 178: Let's Unravel the Threats of Social Engineering

The Security box, podcast 178: Let's Unravel the Threats of Social Engineering

Hello everyone! Welcome to the security box, podcast 178. On this podcast, we're going to talk about the landscape, the news, and the crazy. We are also going to talk about the threats of Social Engineering as well. We give you the best blog posts of the week as well. We hope you enjoy the program, and make it a great day!



Our topic and accompanying true story


Today, Lastpass will lead the discussion with Unraveling the Threats of Social Engineering which was a great find. I don't know about you guys, but we need to be on guard and ready as much as we can. We can all be phished, scammed and Cory Doctorow's article is linked to Even the Best can be Scammed, check this article out which I wrote in my response to the article. So since we can all be targets, it starts with knowing what to look for by reading Lastpass's article and learning what we could do differently and learning by the other true story.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!


For full show notes including things talked about, please see the blog.

Feb 08, 202403:54:50
The Security box, podcast 177: passwords, Oh My! The Perils of Employee Password Misuse

The Security box, podcast 177: passwords, Oh My! The Perils of Employee Password Misuse

Welcome to podcast 177 of the Security Box. On this podcast, we seem to be on a password discussion, as lots of articles have come out in regards to the subject. Our topic even will include talking about passwords. We'll also have things to ponder, possibly some morons, and a great time as always!


These notes are annotated for RSS. Full notes on the blog.



Our moron(s)


Mercedes, its your turn. Apparently, you had something open on your Github account. The thing is, you're not the first car company to have issues, although you never said that there wasn't a problem, you did fix it with Github assisting as well. A password is mistakenly published, source code, blueprints and more once at risk is the blog post where you can read more about this one. Good job, guys!


Microsoft, you aught to be ashamed of yourself. You decided to give a test account admin privelages, then let the account go to legacy status. Then, because its an administrative account, someone finds it and abuses your systems. Great job! Ars Technica has the complete details. In major gaffe, hacked Microsoft test account was assigned admin privileges is the article.



Password reuse


We haven't blogged this at the time of these notes, but this is a good topic. The Perils of Employee Password Reuse comes to us from Lastpass and Amber Steel. Let us know what you think.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Jan 31, 202403:54:50
The Security Box, podcast 176: open forum, and one of the biggest breaches we've seen to date

The Security Box, podcast 176: open forum, and one of the biggest breaches we've seen to date

Hello folks, welcome to the security box, podcast 176. This podcast is mainly going to be an open forum, but we will have some topics coming. We might have some morons, some things to ponder, and whatever is on the minds of those that come on live.


Things that might be talked about


This is not meant to be exhaustive, but the following blog posts may be talked about in no particular order. Some may be talked about but not listed here, so check the blog for complete details.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Jan 25, 202403:14:43
The Security box, podcast 175: Threats targeting the airline industry through the dark web

The Security box, podcast 175: Threats targeting the airline industry through the dark web

Hello folks, welcome to the security box, podcast 175. I've been out sick, and now we're back to bring you what we wanted to bring you this past week. We've got news, notes, the landscape, two morons, things to ponder and a topic dealing with dark web threats targeting the airline industry. Thanks so much for listening and make it a great day!



Our Morons


We have to start with the moron who thought it would be a good idea that a database be left wide open for people to peruse the data. This database is a Mongo DB database, its similar to SQL where data is held and can be gotten at when needed. While this is a real estate app, this was definitely not done with security in mind.

blog post



If we've not had enough with Chat GPT, this aught to stand your hair right up. This data breaches article talks about how Chat GPT was made to give out ransomware software and now 4 are arrested. This aught to get more interesting.

ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concerns



Things to ponder


Carrying over some items that we just will run as part of this week's program, we've got some doozies. We'll blog anything we didn't yack about as I continue to recover.


  • 23 and me must be wanting to play the blame game. They claim that their incident is our fault, and they then are going to fix whatever security holes were caused by whathappened? Yes, we are at fault with reusable passwords, but you don't have two-factor on any accounts, so its a double whammy and part of it is yours. Here's my blog post from 2023 about this particular problem. I don't think its gotten any better there and they haven't really been better.
  • Sans News Bites is back, and I still need to blog some others. My goal was to get two done, but I have the one from the 5th of January. As we move forward from my illness, we'll record them as we get them. Check the blog for ones not covered in audio. Here's my blog post for Jan 5th for those who want to find it easily.
  • We're interested in audio dealing with predictions and Trend Micro has one for their predictions. This comes from their trend talks threats podcast series on their youtube channel.
  • We also have top breaches that I found from Have I been Poned that I recorded before my illness took over. This list changes, and we'll bring this to you each week.


Find something that you want to talk about? Use a file sharing service to get us the audio and you'll be featured.



Our topic


Our topic this week comes to us from Phishlabs. Dark Web Threats Targeting the Airline Industry is the article and we'll step through this one. Hope you'll find it of interest as everyone travels.

Jan 17, 202403:02:22
The Security box, podcast 174 for January 3, 2023

The Security box, podcast 174 for January 3, 2023

Welcome to podcast 174. On this podcast, we're just traversing the landscape and some of our longer posts and things that caught our attention. In most ways, this isn't complete, but just some. Terry, Nick and I take you along for the ride. Enjoy!



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Jan 03, 202402:19:31
The Security box, podcast 173: HHS not doing anything except for ransomware

The Security box, podcast 173: HHS not doing anything except for ransomware

Hello folks, welcome to podcast 173. This is going to be the last podcast of the year as it comes to live programming. Don't worry, we'll continue to blog things of importance, and I'll look through our podcast notations for some good things and put out a final podcast of the year. Our next live program will be on January 3, 2024. On this edition of the program, we'll have our news and notes segments, the moron, two things to ponder which are extended versions and of course our topic dealing with the HHS and their fine on an agency who got breached.


Our Things to Ponder


We have two things to ponder segments and both are extended versions and information packed. The first one is being cross posted through this podcast and our Security Hour which may air it any time it wishes. The segment talks about 1 in 4 people falling for scams and getting in to trouble. Besides falling for scams, there is one thing most people don't do and it'll shock you. Read More on the tech blog with the blog post titled 1 in 4 fall for scams to learn what is going on and what is recommended. The second talks about a very interesting email I got and how it could actually fool someone. At recording time, the domain was unreachable, although the group was given a different file which could not be resurrected for airplay here. Here is the blog post titled Did you think you were going to get me? You’ve got to try harder if you wish to read it. It too, will be crossposted, but I didn't mention that here.



This is a complete set of morons


Our set of morons are completely interesting. They thought they'd steal a car, taking everything from one person, but yet doing something that they weren't expecting. These guys were expecting an Iphone, found an Android and handed it back. They still took the car and possibly other items. Read the blog post with the accompanying article. You won't believe this one. Or will you?



Our Topic: HHS settles with ransomware case


You must be kidding me, right? Lots of breaches, ransomware cases and the like yet the HHS doesn't do much to enforce anything in my opinion. We have several articles on the HHS settling in certain cases like the Ransomware we're talking about today, or the HIPPA violations in another case, but most of the time its unchecked.


This week, HHS announces settlement on ransomware case is our article. It is a good start, but as we've said, there have been a lot more. Let us know what you think.




Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Dec 14, 202303:01:08
The Security box, podcast 172: The Q3 Payload report

The Security box, podcast 172: The Q3 Payload report

Hello folks, welcome to the Security Box, podcast 172. On this podcast, we've got two different morons, a look at the landscape, a few things to ponder and our topic dealing with the Q3 report on the landscape which includes QBot and other variants out there causing havoc.


For things to ponder, check the blog.



Our Morons


These are the morons of the podcast.


  • Montana, you have got to be kidding me. We talked about this in May of this year, and now, it seems you lose. Seems like your law is unconstitutional and it questions what you're trying to do. While we support you, you've really got to prove why Montana should be allowed to ban the app as just banning it doesn't fix the overall problem. As we've asked, how are you going to enforce it? Here is the blog post titled Montana Loses battle to block Tiktok for now … still thinks they have a case which links to prior coverage and arguments. Have fun with this one.
  • We have two Ukraine stories in recent posts, but one of these is our moron. Ukrainian gets 8 years argues that 8 years is still not enough for stealing and selling personally identifiable information on the darkweb and profiting from it. At least this suspect got caught, and we can celebrate just a little bit. The JRN did not copy his name.



Topic: The Q3 Payload report


On this week's program, the Q3 Payload report is going to be the topic. Looks like QBot is still at the top, even though they were dismantled. This was quite interesting. There are two different Rats that are part of the problem now, and these aren't rodants. These are Trojans. In this terminology, Rat stands for Remote Access Trojan. Phishlabs has this article and its titled Q3 Payload Report and you should read it in full if you wish to do so. You'll thank us later.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Dec 07, 202302:50:54
The Security box, podcast 171: The top level domain that harbors a malicious shortener is ...

The Security box, podcast 171: The top level domain that harbors a malicious shortener is ...

Welcome to the Security box, podcast 171. We hope that each and every one of you have had a happy Thanksgiving and have recharged your batteries. On this edition, we're making it official and am bringing back the things to ponder. We'll explain what we're going to do and we put it in practice last podcast. If these things to ponder have blog posts, we'll link them from right within the program's show notes so you can read what we're talking about. We'll also have news, notes, any moron of the podcast and our topic talking about URL shorteners and a recent trend with them. We hope you enjoy the show as much as we have bringing the show for you!


For full notations, please see The Blog as we'll link to other things we don't have room here to cover.



The top level domain that harbors a malicious shortener is ...


According to a recent article from Brian Krebs, the most prolific domain now that has a URL shortening service that pumps out scams, phishing and just all around bad is the TLD that belongs to the United States. Read my thoughts and find a link to the article right here. The Top level domain for the United States now harbors malicious URL shortening service is the article title, and I hope you give it a gander.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Nov 30, 202303:35:38
The Security box, podcast 170: Password managers

The Security box, podcast 170: Password managers

Hello folks, welcome to the podcast. We're talking about password managers in a big way today. Links to the major managers are given. Its not a complete list, and there may be others I'm not aware of that may be trusted or we don't know much about. We bring back things to ponder in a different way and you'll get a taste of this in this podcast. I hope you enjoy the program as much as we have bringing it together for you. Happy holidays from all of us at the JRN!



Things to ponder


Today, we've got two for you and they're both blog posts.



Want your opinion known in this segment? Send an audio file!



Password managers


Below, please find the list of managers we talked about. Again, this isn't a complete list. Make sure you listen to the first segment which explains why we decided to put this podcast together.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Nov 23, 202301:25:34
The Security box, podcast 169: Generation Z, privacy or lack there of

The Security box, podcast 169: Generation Z, privacy or lack there of

Hello folks, welcome to TSB podcast 169. On this program, we're going to talk about Generation Z and an article I found that delbt with their privacy concerns. We may also have a moron, news, notes and more.



Our Moron


Temu is now getting sued, Kim Komando called this one is the blog post leading to our moron. We even have an up-to-date minute on Temu too.



Our topic


Our topic this week comes from the Malwarebytes blog. My blog post What does Generation Z think about privacy? has thoughts and leads directly to the article by David. Let's see what you think.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio affiliates airing our program


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Nov 16, 202303:31:07
The Security box, podcast 168: Threat Actir %g1 Profile %g Strox as a service

The Security box, podcast 168: Threat Actir %g1 Profile %g Strox as a service

Hello folks, welcome to the security box, podcast 168. On this program, we'll see if we've got any morons, a service that is a phishing service, news, notes and more.



The "You Stupid fuck" awards of the podcast


If this isn't a moron, I don't know what is. The blog post is titled Tech CEO sentenced to IP addressing scheme which is coming from our blog. It leads to the article we spotted talking about this guy. We may have talked about Micfo LLC before, but this is probably the end of this. Problem: the JRN thinks that 5 years isn't going to be enough and isn't a harsh sentence for the crime. Please sound off if you believe that this is the case.


-----------------------------


If you are prone to email scams, you might want to pay attention to this. One of my MENVI staff was smart enough to contact me to ask if they needed to do what the action in the email indicated. The bad news is that the site truly wasn't MENVI's, it looked nasty and never redirected as I thought it might. An email pretending to come from Cpanel, isn’t cpanel … can you smell trouble? has the complete details of this one. Sound off if you've seen something similar to this and whether you fell for it or not. Its OK if you did. There should be no shame!


----------------------------------------------------------


Solar Winds is getting sued. Seems as though they were never as secure as they should have been, and the CEO among others are getting sued. We thought that something was wrong, seeing how we later found out about how that compromise was completely done. Whether they were compromised by Russia or not isn't the point of the lawsuit, says the article, but boy ... this is probably as bad as you get when it comes to a supply chain attack. Here is the blog post titled SEC sues Solar Winds for fraud, says they are secure and the charges are baseless for your perusal. It can't get any better than this, can it?



Our topic: Phishing as a service


Today, we are going to have a very interesting topic that might be known later as a threat. This comes from our friends at Phishlabs. The article is titled Threat Actor Profile: Strox Phishing-as-a-Service and it was a good one. We'll break this down, as phishing as a service now takes hold.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.




Nov 09, 202303:11:42
The Technology podcast, podcast 378: A True Story of a potential scam
Nov 09, 202332:19
Tech podcast 377: Bec trends and impersonation webinar

Tech podcast 377: Bec trends and impersonation webinar

This webinar in July covered email impersonation and BEC things for 2023. Hope you enjoy this webinar from Fortra.

Nov 02, 202352:04
The Security box, podcast 167: Wrapping up NCSAM

The Security box, podcast 167: Wrapping up NCSAM

We're wrapping up NCSAM with a bit of everything. Hope you enjoy.

Nov 02, 202303:43:03
The technology podcast, podcast 376: impersonation lookalike webinar

The technology podcast, podcast 376: impersonation lookalike webinar

Domains. They're everywhere! In podcast 376 of the tech podcast, we're going back to a webinar that talks about impersonation and look-alike domains. This still happens today, and while it is over 2 months old, it is still valuable. I hope you enjoy the program for this time, and we'll have another webinar next time talking about BEC attacks and domains and email and the like. I hope you'll enjoy. Thanks, Fortra/Phishlabs for putting this together.

Oct 27, 202301:04:54
The Security box, podcast 166: NCSAM Week 3: Software updating

The Security box, podcast 166: NCSAM Week 3: Software updating

Welcome to the Security box, podcast 166. On this program, news, notes, the landscape and our thoughts on updating software. Check the blog for all of the latest news we've blogged and remember to subscribe to TSB's email list to get direct articles and comment on things.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio airings


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Oct 25, 202302:39:49
The Security box, podcast 165: week 3 of NCSAM

The Security box, podcast 165: week 3 of NCSAM

Welcome to the security box, podcast 165. We've definitely got at least one stupid moron award, that could be taken in two different ways. Next moron, Twitter, in an interesting move on charging non-paying users for access to twitter $1 a year according to their own twitter notification I saw. The topic this week is going to be on Credit cards, debit cards, online VS offline shopping and what we can do.



The Stupid Fuck awards


This blog post was written after listening to a program on the Cyber Crime network. It talked about TikTok being sued by Utah because they want children on the app. But we think its more than that. Utah may also get this award as a double whammy because "this is what social media is," says TSB staff and Throwback staff. You be the judge!


Next, Twitter Support says that they'll be testing a payment method for those non-verified accounts to pay $1 a year to get access to the service. I forget what country it is, but you can look it up on twitter support's account. If successful, they will bring it elsewhere, and they also could get the stupid fuck award. Good job, guys.



Credit cards, debit cards and more


The question is, How should we be using credit cards and debit cards online? Let's discuss this and take it much further. Let's discuss what we can do to use this offline as well.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.



Internet Radio airings


Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Oct 19, 202302:40:51
The Securityy box, podcast 164: NCSAM week 2

The Securityy box, podcast 164: NCSAM week 2

Welcome to the Security Box, podcast 164. Today, we catch up on some erata we did not get to last time in regards to passwords. We've also got the topic of domains and talk a little bit about the different type of domains and their purpose. We also talk about the guide we published on the blog which will also be linked herein. We have stupid moron awards with links to blogs and much more. This is the program that aired live on October 11, 2023. Thanks for listening!

The Stupid Fuck award


While not necessarily security related, we're going to give out the stupid fuck award to a guy who decides that it is OK to cause problems and who knows what with information they found.

Blog post


While we're dealing with Stupid Fucks, Air Europa, you're next as a company stupid fuck. My diatribe goes in to details, but suffice it to say, this company says that people should change their credit card info as it may have been pilfered, but says the breach is "medium sevarity." Go figure!

blog post

Domains


The topic this week is going to talk on domains. There are a lot of them, and new TLD's being thought of all the time. This blog post only touches the surface, but we did talk about redirections and stories too. We talk about TLD's that have been known for spam, but of course there's a lot more. We talk about IP addresses as well and why we use domains to get around the net.


While not talked about explicitly, this blog post talks about .zip and .shop and their abuse in case you missed it going by.

Erata


From last week, we talk a bit about credential stuffing and pass phraises.

Guides


On one of TSB's podcasts, we released a guide to help you as a disabled user who uses a screen reader determine where you're going on the net instead of pressing enter on the "Click here" links you see in spam and phishing. While the blog has a link within our pages, and its linked on EMHS, we want to highlight it again for those who need it. Getting Link information via access technology is the guide, and I want everyone to read it if they haven't read it already. Maybe you'll learn something.

Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Oct 12, 202302:17:42
The Technology podcast, podcast 375: Chat GPT, the good, the bad and the ugly

The Technology podcast, podcast 375: Chat GPT, the good, the bad and the ugly

While I love webinars, we must be mindful that they aren't mind and must give presenters the opportunity to distribute them. I believe this is Phishlab's webinar, although I could be wrong. Sorry about that if I am.



Welcome to podcast 375. On this podcast, we're going to give you a webinar. This webinar is dealing with Chat GPT. You'll learn the good, the bad and the ugly. It was a very interesting webinar.


Per usual, we give the presenters an opportunity to get it through their network. I believe this is a Phishlabs webinar but i could be wrong.


If I am, I apologize.


We hope you enjoy the program as much as I did listening to it and bringing it to you now. Contact info at the beginning.


Sorry for any tech issue sounding, I'm getting it rectified.

Oct 10, 202301:06:11
The Security box, podcast 163: NCSAM week 1: passwords and more

The Security box, podcast 163: NCSAM week 1: passwords and more

Hello folks, welcome to the Security Box, podcast 163. On this episode, we go through the news, talk about a very interesting interview and then tackle our first topic of NCSA


We talk briefly about this blog post about passwords, the reason why it isn't a good idea to share passwords

blog post and a bit about Multi Factor authentication. This blog post will talk more about multi factor authentication.


You may see terms like two-step, two-factor or multi factor. All pretty much are the same thing.


We hope you enjoy the program as much as we have bringing it together for you, and make it a great day!


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Oct 05, 202302:57:26
The Security box, podcast 162: open forum, week 2

The Security box, podcast 162: open forum, week 2

Welcome to the security box, podcast 162. On this edition of the podcast, we'll run through the blog and list, anything else on audience insights and more. This is week 2 of the open forum. Hope you enjoy the program!

Sep 29, 202302:41:57
The Security box, podcast 161: Week one of Open Forum
Sep 21, 202302:41:46
The Security Box, podcast 160: Freenom sued, drops free domains, more

The Security Box, podcast 160: Freenom sued, drops free domains, more

Hello folks, welcome to podcast 160. On this week's edition, we'll reveal the sudden absence of TSB, we'll have news and notes from around the landscape that folks may have read, and aa very interesting topic that deals with Freenom and the phishing landscape. Apparently, Facebook is in this too. Of course, we'll have any questions answered that people have too. Thanks for your support of TSB and thanks so much for listening!


The Absense of TSB


The sudden departure of TSB was not one the JRN was necessarily prepared for. While we have from time to time rescheduled TSB, and/or took specific holidays off like the Christmas break, Thanksgiving week, and possibly others, this was so sudden.


While working on TSB's release and catching up its EMHS page we got a message on Dice World. While that wasn't out of the ordinary, as I have gotten messages on Dice World before, the source and what the message contained was one of shock and grave concern.


The short version is that the JRN's MENVI helper, Janet Quam, passed away on the 30th of the month of August. While I have been told numerous things, a letter which I published on September 10th goes in to what Janet did with the network from various podcasts which don't exist anymore, to tech skills and a willingness to learn.


There was no health related stuff discussed except to state that we were aware of health concerns. To read the letter, please read the blog post titled A death across the network, here’s a letter.


It links to a Youtube copy of the funeral. MENVI's links page also has a link to the Obituary. We thank you for your support! A song appropriate will be played at the end of the program when we play music.



Meta, Freenom and phishing domains


Our topic comes to us today from an article which was published to Krebs on Security on 5/31. Its titled Phishing Domains Tanked After Meta Sued Freenom. As we've talked about on Throwback, we've now got other issues because of this suit, and other top level domains that are now taking what the free domains did. We'll make sure to bring this up.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Sep 14, 202301:57:21
The Security box, podcast 159: Fraudulent activity, Retail and the dark web
Aug 30, 202302:45:56
The Security box, podcast 158: The 1.3B Facebook fine

The Security box, podcast 158: The 1.3B Facebook fine

Welcome to podcast 158 of the Security Box. On today's podcast, we've got at least one moron, we've got an interesting topic that deals with Facebook getting fined, again, and of course we'll cover the landscape and what has been read and blogged as of late.



The You Stupid Fuck award section

  1. Who the hell is Global phishing 16 service? Well, someone or multiple someones have been picked up. Karma Catches Up to Global Phishing Service 16Shop comes to us from Krebs on Security and was quite an interesting read. According to Krebs, this outfit has been around since 2017 and really had a name for itself when it came to having people pay on time, making sure their tools were not given to anyone who did not pay and more. While the concept was novel, people got caught, so please enjoy your stupid fuck award.
  2. Nice to see some arrests of a couple dozen more stupid fucks in this one. Two dozen arrested, hundreds of malicious IPs taken down in African cybercrime operation comes to us from Cyberscoop. While the article isn't long, we now learn there is a new threat that knows what they're doing. Better read this one!

Topic: The 1.3 Billion dollar fine and what it means for privacy regulation


The article we're going to take from is an article we posted back in May. The title of this article is What the record-breaking $1.3 billion Meta fine means for the US-EU clash over spying programs and it comes from Cyberscoop.


I guess we'll have to see what happens with this, as I don't think we'll be done with this yet. If there are any updates, we'll be posting these updates to our list and blog where applicable.

Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Aug 24, 202302:43:07
The Security box, podcast 157: A Different type of Ransomware Demand

The Security box, podcast 157: A Different type of Ransomware Demand

Welcome to the security box, podcast 157. This week, we ay be talking about a very interesting topic coming out of connecticut which might or might be a moron. We'll talk about other news and notes from the landscape, and yes, today's topic is on ransomware groups and one which says you should pay the money to charity instead of the group itself.


Morons of the podcast


We are going to link to the stories that deal with our moron(s) of the podcast.



Florida Healthy Kids is a very interesting story, mainly because of who they are partnering with. I guess we'll see what happens with them.


Ransomware group says: Pay a Charity


Today's topic comes to us from Cyberscoop way back in May. I've not seen another group do this, and I think its a one of a kind deal. I wish I were on that charity list, although I don't take crypto, but proof of donation would all that it would be.


Today's article is titled A different kind of ransomware demand: Donate to charity to get your data back which should be read just the same. If someone you know was hit by this group, did they get their files back?


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Aug 17, 202302:39:55
The Security box, podcast 156: What have we learned from the Russia/Ukraine war and how to protect ourselves?
Aug 10, 202302:24:40
The Security box, podcast 155: What's going on with age Verification?
Aug 03, 202303:02:40
The security box, podcast 153: 13 DDoS for Hire services shut down

The security box, podcast 153: 13 DDoS for Hire services shut down

Hello folks, welcome to program 154. On this edition of the program, come with us for some news and notes, a recollection of someone who can change after making mistakes, and a topic talking about DDoS for hire services that have been shut down within recent times which could be a good thing.


A Note on a passing of a recent Security Expert


Kevin Mitnick recently passed away on July 16, 2023. He did have an interesting career, a criminal in his early years to a security consultant after the fact.


Brian Krebs sent the news through on Mastodon, and we blogged about it on the same day ... July 20, 2023.


Below, please find the books Kevin wrote. Note that the blog post does mention these and what is available also on BARD. I attended one of his webinars that KnowBe4 put on and it was excellent!


The books




DDos for hire services shut down


We blogged about this on the blog, and now its time for it to be talked about. This is a Krebs on Security article titled Feds Take Down 13 More DDoS-for-Hire Services which I found was quite good. Let's see what you think and our contact info will be given throughout the program.


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Jul 26, 202302:30:47
The Security box, podcast 153: Bould Spy

The Security box, podcast 153: Bould Spy

Hello folks, welcome to the Security box. This is program 153 and on this edition of the program, we're going to talk about a potential new threat that we might need to learn about. We'll also have potential morons that has crossed our desk, news and notes from around the landscape and more.


If you don't read anything else, you should read this


Think I’m harping too much on checking your stuff? Here’s why you really should … this is a true story shouldbe read. It links to a file which will only be available for a limited time which has the story. This came from Cybercrime radio and thanks to DJ Terry for giving us a heads up on this one. Now people should be happy that I harp on making sure that you are as safe and secure as possible. Thank me later!


A Data Leak that went absolutely correct


There's a difference between a data leak and a breach. A leak may in most parts be an accident, where a breach was intentional. My blog post Data Leak at Virus Total was only a subset, data removed has a link to the story. Let's just say that Google did everything as right as they could. Once notified, they removed said data an d launched an investigation on how the info got on the popular AntiVirus scanning application. You can't have it any other way. If a mistake happens, fix it as quickly as possible!


Our Morons


Our first moron today comes from a company called HikVision. This blog post titled: Use Hikvision cameras? You might want to be made aware of this goes in to the fact that this company just doesn't understand what might be going on with their network and their devices. Having QR codes to basicly log in to the camera yields very interesting results. Better read the accompanying article for more. You might want to be sitting down for this one.

Second: From Cyber Crime radio: Magaine: Bangladesh Data Leak Exposes 50M Citizens. This is the topic for their July 13th airing and this has to be a complete joke. We'll play this file as part of the program.

Our topic


Move out the way … Bold Spy is right there with spy tools like Pegasus is the tech blog where you'll find commentary and an article that talks about something called Bold Spy. Its got tools that others are using and possibly more. Feel the threat yet?


Finally an extra


Did you read Think I’m harping too much on checking your stuff? Here’s why you really should … this is a true story yet? As an extra, we play the audio podcast from CyberCrime Radio which sparked the blog post. This is of course within the last music set. Listen to the Cybercrime Radio piece, it really hit home on why this accompanying blog post was written.



Jul 19, 202303:45:17
The Technology blog and podcast podcast 374: Adnroid accessibility discussion

The Technology blog and podcast podcast 374: Adnroid accessibility discussion

On this podcast, a great video that was posted to Mastodon talking about what's coming to Android in 2023. But then I have questions dealin with the abuse of accessibility tools. Using Yellow Camera as an example, are these changes meant that people might be safer if they make a mistake? Contact info at the end. Thanks for listening!

Jul 18, 202343:12
The Security box, podcast 152: our three year anniversary

The Security box, podcast 152: our three year anniversary

On this edition of the program, we've got an open forum of topics. Lots of them have been covered through the years while others have been covered on the blog or TSB's email list. We hope that you enjoy the program as much as we put this together for you. See you next time!

Jul 15, 202303:23:42
The Security Box, podcast 151: BEC is back, let's learn what might be new
Jul 07, 202302:42:21
The security box, podcast 150: Ransomware Gangs giving us ransomware witha helping of zero-days
Jun 29, 202303:17:02
The Security box, podcast 149: Emotet is back, bigger and badder than ever

The Security box, podcast 149: Emotet is back, bigger and badder than ever

We did have some participation, full notes are here. No replay on Clubhouse though, sorry about that!



Welcome to the Security box, podcast 149. On this podcast, we may or may not have a moron, we'll definitely have news, notes and the landscape and a topic talking about a threat we thought was long gone.




Good Job India, welcome to the moron of the podcast


I stumbled across a video from a Youtube Channel which I am not familiar with. While Nick was in my JRN working room, I decided to see if there was an article about this. While the podcast gets a 9 minute video, check out this article titled India first democracy to ban encrypted messaging apps on massive scale. from a site called tutanota.com. They must be a news related site, name sounds familiar to me. Have fun with this one!


Here's the youtube video from Mental Outlaw if you want to watch this instead of listening to it.


Topic: Emotet is back, now a threat


The article comes to us this time from Phishlabs. Emotet Returns from Hiatus, Trails QBot in Q1 Volume is the title.


Are you surprised that this is the case? We know that Emotet was taken down in a crqackdown, but like most things, they come back in this industry. Feel free to view the article for complete details or download your copy of the show to hear our thoughts.


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Jun 21, 202302:02:52
TSB 148: Nation-State Actors go after cloud providers who have customers that have weak passwords

TSB 148: Nation-State Actors go after cloud providers who have customers that have weak passwords

Welcome to the security box, podcast 148. On this podcast, I may have a complete moron with a company, we'll have news, notes and more. The topic deals with passwords and it isn't looking that great.


Morons


We stand in solidarity with you, Reddit users. Reddit is taking advantage of the situation just like Twitter did so many months before.


Apparently, Reddit has decided to do the same thing. One article says they're only charging $0.24 per 1,000 calls to their API, but people indicate its much different. The cost is $12,000 per month or roughly up to $20 million per year according to some estimates. Here are the blog posts as of writing in regards to Reddit.



Van Nuys is not too far from where I live in a town called Woodland Hills. I go through there every time I take the bus. According to a KNX article which is very short, it says a guy from there was caught selling drugs on the dark web. Here is the blog post from the tech blog titled Van Nuys man pleads Not Guilty to selling drugs online which links to the KNX article.


In Case you Missed it


In Case you missed it, I finished Tracers in the Dark. It was a very interesting book, one I didn't want to put down until I did. Book Review: Tracers in the dark, by Andy Greenberg is the blog post and I'm not giving anything away.


Our Topic: Weak Passwords


Our topic comes to us from Cyberscoop. It was an interesting read. The article is title Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says and I found it interesting. This proves again that we need to make sure that our users are using strong passwords or pass phraises. Don't worry, Cyber Security Awareness Month is coming up, so TSB will be starting all over again with basic stuff when it comes to your security.


I hope that every single person will enjoy today's program, and thanks so much for listening!


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Jun 15, 202302:25:34
The Security box, podcast 147: Unpacking the Structure of a Ransomware Group's Business Model

The Security box, podcast 147: Unpacking the Structure of a Ransomware Group's Business Model

Welcome to the security box, podcast 147. On this edition of the program, I believe I have a very interesting but true story that must be told with the names being changed to protect the innocent, or is it guilty? We've got a very interesting article talking about the structure of ransomware groups, and no, we're not talking about specific named groups, just something that probably wouldn't surprise someone who reads this type of news. We'll see what else the landscape has to offer with news, notes, questions and more.


A true story that might include a moron?


Someone recently got someone fired as part of a grudge where someone heard something they said and decided to look them up and email a copy of what they said to the employer. This is the first time we've seen this in the phone world and we hope it isn't going to happen again. Live version with names changed to protect the innocent, or are we protecting the guilty?


Topic: What's going on with Ransomware groups?


The following is a Trend Micro article which we found very valuable. Unpacking the Structure of Modern Cybercrime Organizations is the title of this article and well worth the read. Question for readers and listeners to the live or podcast edition listeners, are you surprised? Let's discuss this one.


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Jun 07, 202302:46:54
The Security box, podcast 146: A name to the faceless proxy service

The Security box, podcast 146: A name to the faceless proxy service

Welcome to the security box, podcast 146. On this podcast, we may have multiple morons; one is a definite, news, notes and a very interesting topic about the proxy services and what they're up to.


Potential Morons



Topic


This time, we're going to talk about a very interesting KrebsOnSecurity article titled Giving a Face to the Malware Proxy Service ‘Faceless’ which was quite interesting.


The first paragraph says:

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Jun 01, 202303:45:25
The Security box, podcast 145: BabLock Ransomware
May 25, 202303:12:55
The Security box, podcast 144: its an open forum show

The Security box, podcast 144: its an open forum show

Welcome to the security box, podcast 144. This show is an open forum. We had no particular topic in mind, but we talk about books, the landscape and more. The show may contain some adult themes, but it is very light at all. This may contain language or other situations. Please be aware of it. Thanks for participating and make it a great day!

May 18, 202303:06:59
The Security Box, podcast 143: Let's discuss the relationship between Ransomware and Phishing

The Security Box, podcast 143: Let's discuss the relationship between Ransomware and Phishing

Welcome to the security box, podcast 143. Today, we're going to have a very interesting discussion about the Relationship between Ransomware and Phishing. We know of at least one moron of the podcast, and there is possibly going to be one more. Of course, we'll have news, notes and any questions from the Clubhouse audience.



Morons of the Podcast


First Moron, a Russian on the Run


There are two different articles out there about this one. One from Krebs and the other from Cyberscoop.



How Not! to notify people of a databreach


I saw a boost on Saturday about a breach with a company named Western Digital. That's nice, we have covered many breaches before. What I found was disturbing from Western Digital according to the boost. While they sent email out, the email was not accessible for those of us who use access technology; namely screen reading technology.


I don't know about you, but I would expect the info not in graphical form, I would expect it in text just like you and I communicate already. Here is my blog post from May 6th that mentions this. As of show note creation time, we do not have any official articles from the tech press, but when we do, we'll be sure to pass it along. Don't put breach notifications in picture form! It doesn't do anyone with disabilities any good.



Our main Topic


The main topic comes from Phishlabs. The article is titled What is the Relationship Between Ransomware and Phishing? and was written at the end of March, 2023. This is going to get interesting.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

May 10, 202302:51:57
The Security Box, podcast 142: The New U.S. Cybersecurity Strategy highlights

The Security Box, podcast 142: The New U.S. Cybersecurity Strategy highlights

This show has sections of strong language, but not a lot. The disclaimer is in there just in case, but it is not much in the wake of strong language.



Welcome to the Security box. This is program number 142 of the series and this time, we've got a topic which hasn't been covered before at least on our podcast. The topic covers a very interesting endeavor by the government to deal with Cybersecurity. Besides this, we'll see who gets a moron, we'll cover the landscape, and we'll see what else is of value. Hope you enjoy the program!


Morons of the podcast


One may not completely be a moron, but it qualifies as a group not just what the first item covers. The second, however, you'll just have to read to believe.


1. I'll put this one as a moron, but I really don't understand what seems to be going on over at schools lately. Its ok to keep information on children that have nothing to do with you giving them an education, and that information may include behavioral issues, SSN's and more.

blog post


Brian Krebs boosted (retweeted) the following to his followers. Note that my blog post has the linked article, so I'm not going to link it within this section. It says:


Doug Levin: NBC: Students’ psychological reports, abuse allegations leaked by ransomware hackers https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414 #edtech #databreach @brett via @kevincollier



2. Our second moron is more of the moron than the first, but here's a blog post titled T-Mobile, do you still want me as a customer? I don’t think so! which has the latest on what they have been up to. It links to yet another article, talking about yet another breach. Should we be surprised in this industry?



Topic: Highlights from the New U.S. Strategy


This is a Krebs on Security article that we're taking from. He was tooting (tweeting) about this on Mastodon.


The article is titled Highlights from the New U.S. Cybersecurity Strategy and it was interesting. I wonder what will eventually happen with this? Haven't seen anything since this article was written, but maybe they're working on it and we'll see something soon. Only time will tell.



Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

May 04, 202303:39:21
The Security box, program 141A: The Billion Dollar Scam

The Security box, program 141A: The Billion Dollar Scam

This is an episode that affiliates can run, and the program is under an hour. We'd like to thank the BBC for doing this research. Its definitely eye opening.


The show notes, which include a link to the video on YouTube follows.



Welcome to the security box, podcast 141A. On this podcast, we're going to provide you with a video. This video comes from the BBC, and it does leave some very interesting questions. Contact info is given at the end.


What sparked this? This toot from Brian Krebs is what sparked this. It says:


https://www.youtube.com/watch?v=w6JXZ3GzSCQBrianKrebs: Simona Weinglass of The Times of Israel is my new hero. Her video reporting on crypto investment scams is well worth watching.


Tl;dw, it appears the biggest crypto investment scams targeting people in the UK were promoted by at least a half dozen of England's premiere football (soccer) leagues. These scammers managed to rake in at least a billion dollars, and could afford lucrative sponsorships that got their brand everywhere. As the former scammers explained, there's nothing real about the investment "earnings" shown to people who get roped into these scams: It's all just a digital mirage, and any money invested is gone.


Her video series on the BBC zeroes in on who's responsible. Involves ride-alongs with German police as they worked w/ investigators in the country of Georgia to raid call centers working the phones for these fraudsters.


https://www.youtube.com/watch?v=w6JXZ3GzSCQ


If you're just here for the video, this is the youtube link to the video we give in audio.


Thanks Brian for posting this! I found it very eye opening, and it even made me mad, but that's probably what we'd expect with what you'll hear. I don't blame them though, but you should hear or watch this and make up your own mind.


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Apr 30, 202351:47
The Security Box, podcast 141: Dark Bit, a new threat that starts with a grudge

The Security Box, podcast 141: Dark Bit, a new threat that starts with a grudge

Welcome to the Security box, podcast 141. On this podcast, Cyberscoop is along to help us diagnose yet another ransomware group. They actually start by attacking Israeli schools, but will it stop there?


Besides that, we'll have the news, notes from around the landscape, possibly some morons, and of course your thoughts.


Our topic today comes from this Cyberscoop article titled New cybercrime group calling itself DarkBit attacks Israeli university which we sent to the list in mind February.


While we've not seen anything else on this, it isn't for us to keep our mind down as they could attack anything they want.


We hope to see you on the show, thanks so much for listening!


Supporting the podcast


If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Apr 26, 202303:46:08