The technology blog and podcast and TSB
By Jared Rimer
The technology blog and podcast and TSBSep 06, 2018
The Security box, podcast 190: Is Age Verification Legal?The Security box, podcast 190: Is Age Verification Legal?
- LockBit ransomware admin identified, sanctioned in US, UK, Australia Bleeping Computer
- LockBit gang leader exposed in FBI ransomware breakthrough CyberNews
- U.S. Charges Russian Man as Boss of LockBit Ransomware Group KrebsOnSecurity
- Ransomware mastermind LockBitSupp reveled in his anonymity—now he’s been ID’d Ars Technica
- Are we surprised that TikTok will sue the U.S. Government?
- Chinese banks hit again
- Jack Dorsey praises Twitter for being “freedom technology”
- Fake tech support scams and sponsored search results
- The Yahoo boys are people you need to be aware of: Scripts, scams and more await
- Notice from Dropbox
- Age Verification is lawful the technology blog and podcast
- Court makes it clear – age verification on adult sites is constitutional Cybernews
The Technology podcast, podcast 379: Xposedornot.com
TSB 189: eSIM and Sim Swapping
The Security Box, podcast 188: Incogni
- The table as well as tree view of the exposures page not properly giving correct dates, I.E. the table was showing 2023 items while the default view was not quite showing current dated items added to the site.
- We learn about the news page and its purpose while asking questions.
- We found a very interesting post about data exposures and their categories. At the time of writing, I don't have a blog post on this yet.
The Security box, podcast 187: What's going on with our drinking water?
Hello everyone, welcome to program number 187 of the security box. On this program, we're going to talk about our drinking water. No, not the fact that it could taste bad or that it is the best water ever, we'll talk about the security aspect of where our drinking water comes from. Besides that, the news, the notes and the landscape. Remember to contact us with your questions, comments or concerns. If we don't know, we've got people that do, so get those questions in.
Recently, the Jared Rimer Network discovered a service in which we are happy to use. While haveibeenpwned.com is good, I do find some things that don't work well accessibly. While I got the domains to work, and those instructions were easy to follow, I did have issues with the service I'm about to recommend. I got it to work and it is more accessible. Even the exposed breaches may not be that extensive, both services get their breaches through verification. To learn more about the service Exposed or not, please view the latest blog post We have a new service up, accessible too for complete details. The service is spelled xposedornot. Drop the E.
- Unconfirmed, trust wallet could be at risk with a zero day
- Bot attacks as a top threat this year was supposed to be posted earlier but it missed its schedule
- Sans News Bites for April 16, 2024
- Lawfirms now have AI Generated lawyers?
Some may bring these up, but may bring other things as well. We'll have to see. Keep on reading!
I've never really liked the taste of water. Especially from our faucets. But this podcast isn't talking about whether we like water, which we're told we should drink to keep ourselves healthy.
I know, I know, I'm just as guilty as the rest when it comes to that. But this podcast isn't about whether we like the stuff, its about the security of how it gets to us. We know it goes through pipes, but do we honestly know how it gets to those pipes to how we drink it, cook with it, or use it in our coffee? There's an elaborate system, but is it as secure as it can be?
Apparently, hackers can get in to these systems, and this is where we could be in some real trouble. The latest blog post I penned on this subject is titled Hackers interrupting critical drinking water which links to the CyberNews article US officials warn of hackers disrupting the “critical lifeline” of drinking water which was an interesting read.
If you search for water by itself, you'll find other blogs like:
- Cyber Attack cuts off Water for 2 days
- Iran hits Pennsylvania water fascility
- Water treatment facility breached by California man and
- The Security box, podcast 52: The Security of our Water Supply, news notes and a very interesting robery story to boot
The last item is a podcast where we talked about this before. There may be others including group names that may have water in its name, but the items above are the highlights of what I want to bring about for this discussion.
With this knowledge and the article from CyberNews, where are we in this space? I guess we'll find out.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
TSB podcast 186: Tycoon 2FA bypasses 2fa of major providers
TSB podcast 185: AcidRain and AcidPour
Welcome to the security box, podcast 185. We have several things in Erata that we'll read, one coming in just before I was supposed to leave although that trip got postponed. While that thing we'll read is a week old, its still valuable. We also put in the Facebook thing I saw prior which might get people to chuckle. Our topic today is one dealing with Russia, and another Wiper Malware. The article we take from is from CyberNews, and we also blogged the thing. We'll have news, notes and more.
While I still seem to be a week behind, I'm going to sites on my own to find things of value so I can try to keep up.
In my perusal of Mastodon, I found this, and thought it should be posted. Here are common vector attacks behind data breaches is the blog post, where Diva on Breaches takes us through 7 different items in her post.
This is also in our show notes and will be read out for those who listen but do not read the blog on a regular. Thanks Devanand for continuing to share the knowledge we can share. We recently read one of her recent posts in a prior podcast.
Knowledge is power!
Our blog post New Malware, AcidPour has a link to the Cybernews article. As usual, we'll take some of the paragraphs to aid in the discussion.If you just want the article without going to the blog, no problem. Russia unleashes dangerous new wiper is the article.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
TSB 184: PixPirate
Welcome to the Security Box, podcast 184. On this edition of the podcast, we're going to talk about PixPirate. Its an Android application known as a Trojan. It is hard to detect, and its hard to get rid of. Besides this, we'll cover the news, notes and and questions and answers that we may need to take care of.
This time, we're talking about a piece of malware known as a trojan. The article comes from Bleeping Computer and is titled PixPirate Android malware uses new tactic to hide on phones. If you want to read my pick apart on this, this is the blog post that'll let you do that. Its titled: PixPirate uses new tactic to hide on phone.
What do you think of the topic? Have you heard of it before?
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
TSB podcast 183: An update on Pig Butchering
After a week off, we're back with another podcast. We hope you enjoy!
Hello everyone, welcome to the Security Box, podcast 183. On this program, we're going to catch you up on the landscape from the last couple of weeks. We've also got an update on what's going on with our favorite topic called Pig Butchering. Of course we'll take your comments as well and of course those questions. Thanks so much for listening!
Pig Butchering is not necessarily going anywhere, but there have been some studies and money recovered. The article US moves to recover $2.3 million from “pig butchers” on Binance is the latest article we've seen on the topic.
Of course, we had a topic but seemed to have lost it, but that's what happens some times. This article will be taken apart to help the discussion and of course comments and questions are welcome.
As a side note, we can probably tie this in to Phishing as a whole, as the deployment of the beginning of how this works is an email, text, or other platform of communication. What are your thoughts on that? We even talk about it as part of Throwback Saturdaynight for the 16th in our first segment.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
TSB podcast 182: Savvy Seahorse
Hello folks, welcome to the security box, podcast 182. On this podcast, besides the news and notes of the week, we're going to learn about a new potential threat by a new potential actor called Savvy Seahorse. If you've read the blog, you'll already know, but if you only listen to the podcast, this is going to change the way malware is delivered. Of course we'll see what our participants want to talk about as well.
The article comes to us by our newest partner, Cybernews. Its titled Threat actor uses Facebook to lure victims, sends cash to Russia and covers Savvy Seahorse. This is going to be something we'll need to track, and we'll explain it all.
Let's just say that it uses the Cname aspect of domain hosting. Stay tuned!
If you want to read our blog post on it, Here is that post titled Savvy Seahorse uses facebook for investment scams.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security Box, podcast 181: Phishing Sites impersonating social media
Hello everyone, welcome to the Security Box, podcast 181. In Q4 of 2023, Phishlabs is reporting that a record of phishing sites impersonate social media to target victims. Question for the listener, what do you think you should look for when you get communication that talks about social media before you click, tap, double tap or press enter on a keyboard? We'll have the news and landscape as well as your comments and concerns. We hope you enjoy the show!
- You have to be kidding me, 1 year later and the DOD is sending out notifications?
- 2.5 million private plane owners breached
- 911 proxy is back, new name: cloud router: still dangerous
- Avast caught collecting lots of info? Selling it to other companies?
There are other smaller news items, but these might be the bigger ones. If yours isn't on this list, what fancies you? Contact me through jaredrimer.net and let me know. You can also send things to ponder files which can be played as well.
Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4 comes to us from Phishlabs this week. Let us know what you think good, bad or indifferent.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 180: Phishing as a Service
Hello everyone, welcome to the security box, podcast 180. On this podcast, Phishlabs will guide us through something I don't think we have ever seen. It talks about a service that is a web host service, but it is a completely different type of web host. They didn't classify it as bulletproof hosting, but something called phishing as a service. Two different companies are mentioned. Besides that, we've got news, notes, the landscape and your thoughts. Thanks so much for listening!
The big news it seems that is coming out this week is talking about Lockbit. Looks like their infrastructure has been taken over by all kinds of law enforcement partners from all around the world. While we don't intend to give you an exhaustive list, here is some of the coverage we know about.
- The Cyberwire Daily: February 20, 2024 will talk about this in their news notes for the episode. Here's a link to the Cyberwire.
- Lockbit, your time is up! Now its time to go find real work is my blog post, leading to LockBit cartel disrupted “at every level” – Europol if you don't want to read mine. I am not offended. I do take this article apart though, so give mine a read if you wish.
- Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates comes directly from Brian Krebs. At the time of Writeup, the JRN has not read this yet.
This week, we're going to talk about Phishing as a service. It is a new concept, and you can probably say it is similar to Ransomware as a service. This week's article is titled Phishing-as-a-Service Profile: LabHost Threat Actor Group and it covers two different hosts. This, will get interesting.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 179: Romance Scams
Hello folks, welcome to the security box. This is program 179. This time, we'll venture off the path a bit and talk a little bit about romance scams. Instead of using the article as a guide, we'll talk about it in more general terms. Did you know that Valentines Day is one of the biggest times for this type of scam? Besides that, we'll have news, notes and the landscape as we always do. Thanks for listening and make it a great day!
With Valentines coming, romance scams are going to be on the rise. With Valentines Day coming, its time for the romance scams in full force is a blog post leading to the article we'll use for this discussion although we won't use it like we normally do. We'll use it as a starting point.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow
The Security box, podcast 178: Let's Unravel the Threats of Social Engineering
Hello everyone! Welcome to the security box, podcast 178. On this podcast, we're going to talk about the landscape, the news, and the crazy. We are also going to talk about the threats of Social Engineering as well. We give you the best blog posts of the week as well. We hope you enjoy the program, and make it a great day!
Today, Lastpass will lead the discussion with Unraveling the Threats of Social Engineering which was a great find. I don't know about you guys, but we need to be on guard and ready as much as we can. We can all be phished, scammed and Cory Doctorow's article is linked to Even the Best can be Scammed, check this article out which I wrote in my response to the article. So since we can all be targets, it starts with knowing what to look for by reading Lastpass's article and learning what we could do differently and learning by the other true story.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
For full show notes including things talked about, please see the blog.
The Security box, podcast 177: passwords, Oh My! The Perils of Employee Password Misuse
Welcome to podcast 177 of the Security Box. On this podcast, we seem to be on a password discussion, as lots of articles have come out in regards to the subject. Our topic even will include talking about passwords. We'll also have things to ponder, possibly some morons, and a great time as always!
These notes are annotated for RSS. Full notes on the blog.
Mercedes, its your turn. Apparently, you had something open on your Github account. The thing is, you're not the first car company to have issues, although you never said that there wasn't a problem, you did fix it with Github assisting as well. A password is mistakenly published, source code, blueprints and more once at risk is the blog post where you can read more about this one. Good job, guys!
Microsoft, you aught to be ashamed of yourself. You decided to give a test account admin privelages, then let the account go to legacy status. Then, because its an administrative account, someone finds it and abuses your systems. Great job! Ars Technica has the complete details. In major gaffe, hacked Microsoft test account was assigned admin privileges is the article.
We haven't blogged this at the time of these notes, but this is a good topic. The Perils of Employee Password Reuse comes to us from Lastpass and Amber Steel. Let us know what you think.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security Box, podcast 176: open forum, and one of the biggest breaches we've seen to date
Hello folks, welcome to the security box, podcast 176. This podcast is mainly going to be an open forum, but we will have some topics coming. We might have some morons, some things to ponder, and whatever is on the minds of those that come on live.
This is not meant to be exhaustive, but the following blog posts may be talked about in no particular order. Some may be talked about but not listed here, so check the blog for complete details.
- 16.6 million people affected, no info on what was taken
- Breach forums maintainer gets time served, never spent time in jail, lots of restrictions placed on him
- Trezor gets owned for a second time
- 15 million Trello users apparently breached
- TA866 is back to sending out email
- New sets of data, including have I been pwned data out in the wild (naz.api breach)
- Sans news bites for January 19, 2024
- Three are three domains that I wouldn’t buy
- Sans news bites for January 23, 2024
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 175: Threats targeting the airline industry through the dark web
Hello folks, welcome to the security box, podcast 175. I've been out sick, and now we're back to bring you what we wanted to bring you this past week. We've got news, notes, the landscape, two morons, things to ponder and a topic dealing with dark web threats targeting the airline industry. Thanks so much for listening and make it a great day!
We have to start with the moron who thought it would be a good idea that a database be left wide open for people to peruse the data. This database is a Mongo DB database, its similar to SQL where data is held and can be gotten at when needed. While this is a real estate app, this was definitely not done with security in mind.
blog postIf we've not had enough with Chat GPT, this aught to stand your hair right up. This data breaches article talks about how Chat GPT was made to give out ransomware software and now 4 are arrested. This aught to get more interesting.
ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concernsCarrying over some items that we just will run as part of this week's program, we've got some doozies. We'll blog anything we didn't yack about as I continue to recover.
- 23 and me must be wanting to play the blame game. They claim that their incident is our fault, and they then are going to fix whatever security holes were caused by whathappened? Yes, we are at fault with reusable passwords, but you don't have two-factor on any accounts, so its a double whammy and part of it is yours. Here's my blog post from 2023 about this particular problem. I don't think its gotten any better there and they haven't really been better.
- Sans News Bites is back, and I still need to blog some others. My goal was to get two done, but I have the one from the 5th of January. As we move forward from my illness, we'll record them as we get them. Check the blog for ones not covered in audio. Here's my blog post for Jan 5th for those who want to find it easily.
- We're interested in audio dealing with predictions and Trend Micro has one for their predictions. This comes from their trend talks threats podcast series on their youtube channel.
- We also have top breaches that I found from Have I been Poned that I recorded before my illness took over. This list changes, and we'll bring this to you each week.
Find something that you want to talk about? Use a file sharing service to get us the audio and you'll be featured.
Our topic this week comes to us from Phishlabs. Dark Web Threats Targeting the Airline Industry is the article and we'll step through this one. Hope you'll find it of interest as everyone travels.
The Security box, podcast 174 for January 3, 2023
Welcome to podcast 174. On this podcast, we're just traversing the landscape and some of our longer posts and things that caught our attention. In most ways, this isn't complete, but just some. Terry, Nick and I take you along for the ride. Enjoy!
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 173: HHS not doing anything except for ransomware
Hello folks, welcome to podcast 173. This is going to be the last podcast of the year as it comes to live programming. Don't worry, we'll continue to blog things of importance, and I'll look through our podcast notations for some good things and put out a final podcast of the year. Our next live program will be on January 3, 2024. On this edition of the program, we'll have our news and notes segments, the moron, two things to ponder which are extended versions and of course our topic dealing with the HHS and their fine on an agency who got breached.
We have two things to ponder segments and both are extended versions and information packed. The first one is being cross posted through this podcast and our Security Hour which may air it any time it wishes. The segment talks about 1 in 4 people falling for scams and getting in to trouble. Besides falling for scams, there is one thing most people don't do and it'll shock you. Read More on the tech blog with the blog post titled 1 in 4 fall for scams to learn what is going on and what is recommended. The second talks about a very interesting email I got and how it could actually fool someone. At recording time, the domain was unreachable, although the group was given a different file which could not be resurrected for airplay here. Here is the blog post titled Did you think you were going to get me? You’ve got to try harder if you wish to read it. It too, will be crossposted, but I didn't mention that here.
Our set of morons are completely interesting. They thought they'd steal a car, taking everything from one person, but yet doing something that they weren't expecting. These guys were expecting an Iphone, found an Android and handed it back. They still took the car and possibly other items. Read the blog post with the accompanying article. You won't believe this one. Or will you?
You must be kidding me, right? Lots of breaches, ransomware cases and the like yet the HHS doesn't do much to enforce anything in my opinion. We have several articles on the HHS settling in certain cases like the Ransomware we're talking about today, or the HIPPA violations in another case, but most of the time its unchecked.
This week, HHS announces settlement on ransomware case is our article. It is a good start, but as we've said, there have been a lot more. Let us know what you think.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 172: The Q3 Payload report
Hello folks, welcome to the Security Box, podcast 172. On this podcast, we've got two different morons, a look at the landscape, a few things to ponder and our topic dealing with the Q3 report on the landscape which includes QBot and other variants out there causing havoc.
For things to ponder, check the blog.
These are the morons of the podcast.
- Montana, you have got to be kidding me. We talked about this in May of this year, and now, it seems you lose. Seems like your law is unconstitutional and it questions what you're trying to do. While we support you, you've really got to prove why Montana should be allowed to ban the app as just banning it doesn't fix the overall problem. As we've asked, how are you going to enforce it? Here is the blog post titled Montana Loses battle to block Tiktok for now … still thinks they have a case which links to prior coverage and arguments. Have fun with this one.
- We have two Ukraine stories in recent posts, but one of these is our moron. Ukrainian gets 8 years argues that 8 years is still not enough for stealing and selling personally identifiable information on the darkweb and profiting from it. At least this suspect got caught, and we can celebrate just a little bit. The JRN did not copy his name.
On this week's program, the Q3 Payload report is going to be the topic. Looks like QBot is still at the top, even though they were dismantled. This was quite interesting. There are two different Rats that are part of the problem now, and these aren't rodants. These are Trojans. In this terminology, Rat stands for Remote Access Trojan. Phishlabs has this article and its titled Q3 Payload Report and you should read it in full if you wish to do so. You'll thank us later.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 171: The top level domain that harbors a malicious shortener is ...
Welcome to the Security box, podcast 171. We hope that each and every one of you have had a happy Thanksgiving and have recharged your batteries. On this edition, we're making it official and am bringing back the things to ponder. We'll explain what we're going to do and we put it in practice last podcast. If these things to ponder have blog posts, we'll link them from right within the program's show notes so you can read what we're talking about. We'll also have news, notes, any moron of the podcast and our topic talking about URL shorteners and a recent trend with them. We hope you enjoy the show as much as we have bringing the show for you!
For full notations, please see The Blog as we'll link to other things we don't have room here to cover.
According to a recent article from Brian Krebs, the most prolific domain now that has a URL shortening service that pumps out scams, phishing and just all around bad is the TLD that belongs to the United States. Read my thoughts and find a link to the article right here. The Top level domain for the United States now harbors malicious URL shortening service is the article title, and I hope you give it a gander.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 170: Password managers
Hello folks, welcome to the podcast. We're talking about password managers in a big way today. Links to the major managers are given. Its not a complete list, and there may be others I'm not aware of that may be trusted or we don't know much about. We bring back things to ponder in a different way and you'll get a taste of this in this podcast. I hope you enjoy the program as much as we have bringing it together for you. Happy holidays from all of us at the JRN!
Today, we've got two for you and they're both blog posts.
- How much does social media cost underground?
- Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over?
Want your opinion known in this segment? Send an audio file!
Below, please find the list of managers we talked about. Again, this isn't a complete list. Make sure you listen to the first segment which explains why we decided to put this podcast together.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 169: Generation Z, privacy or lack there of
Hello folks, welcome to TSB podcast 169. On this program, we're going to talk about Generation Z and an article I found that delbt with their privacy concerns. We may also have a moron, news, notes and more.
Temu is now getting sued, Kim Komando called this one is the blog post leading to our moron. We even have an up-to-date minute on Temu too.
Our topic this week comes from the Malwarebytes blog. My blog post What does Generation Z think about privacy? has thoughts and leads directly to the article by David. Let's see what you think.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 168: Threat Actir %g1 Profile %g Strox as a service
Hello folks, welcome to the security box, podcast 168. On this program, we'll see if we've got any morons, a service that is a phishing service, news, notes and more.
If this isn't a moron, I don't know what is. The blog post is titled Tech CEO sentenced to IP addressing scheme which is coming from our blog. It leads to the article we spotted talking about this guy. We may have talked about Micfo LLC before, but this is probably the end of this. Problem: the JRN thinks that 5 years isn't going to be enough and isn't a harsh sentence for the crime. Please sound off if you believe that this is the case.
-----------------------------
If you are prone to email scams, you might want to pay attention to this. One of my MENVI staff was smart enough to contact me to ask if they needed to do what the action in the email indicated. The bad news is that the site truly wasn't MENVI's, it looked nasty and never redirected as I thought it might. An email pretending to come from Cpanel, isn’t cpanel … can you smell trouble? has the complete details of this one. Sound off if you've seen something similar to this and whether you fell for it or not. Its OK if you did. There should be no shame!
----------------------------------------------------------
Solar Winds is getting sued. Seems as though they were never as secure as they should have been, and the CEO among others are getting sued. We thought that something was wrong, seeing how we later found out about how that compromise was completely done. Whether they were compromised by Russia or not isn't the point of the lawsuit, says the article, but boy ... this is probably as bad as you get when it comes to a supply chain attack. Here is the blog post titled SEC sues Solar Winds for fraud, says they are secure and the charges are baseless for your perusal. It can't get any better than this, can it?
Today, we are going to have a very interesting topic that might be known later as a threat. This comes from our friends at Phishlabs. The article is titled Threat Actor Profile: Strox Phishing-as-a-Service and it was a good one. We'll break this down, as phishing as a service now takes hold.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Technology podcast, podcast 378: A True Story of a potential scam
Hello folks, welcome to another technology podcast. On this podcast, we're going to listen to a story on how someone who is blind was looking for something and how he got taken for $1,000. It isn't as simple as it could be, seeing how he used the Twitter web site and we know how that could be since Twitter, know known as X, got rid of their accessibility team.
Back in August, I blogged This is a true story of a blind man losing to a scam … this is a must read which links to a Wired article. The podcast you're about to hear comes from Discarded, a proofpoint podcast. It aired in October of this yeqar and I recently listened to it.
For those who are Apple, here's a link to the podcast. DISCARDED: Tales From the Threat Research TrenchesProofpoint
The podcast is also available through Overcast if you use that.
I hope people find this story of interest, and thanks so much for listening! We'll see you next time.
Tech podcast 377: Bec trends and impersonation webinar
This webinar in July covered email impersonation and BEC things for 2023. Hope you enjoy this webinar from Fortra.
The Security box, podcast 167: Wrapping up NCSAM
We're wrapping up NCSAM with a bit of everything. Hope you enjoy.
The technology podcast, podcast 376: impersonation lookalike webinar
Domains. They're everywhere! In podcast 376 of the tech podcast, we're going back to a webinar that talks about impersonation and look-alike domains. This still happens today, and while it is over 2 months old, it is still valuable. I hope you enjoy the program for this time, and we'll have another webinar next time talking about BEC attacks and domains and email and the like. I hope you'll enjoy. Thanks, Fortra/Phishlabs for putting this together.
The Security box, podcast 166: NCSAM Week 3: Software updating
Welcome to the Security box, podcast 166. On this program, news, notes, the landscape and our thoughts on updating software. Check the blog for all of the latest news we've blogged and remember to subscribe to TSB's email list to get direct articles and comment on things.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Security box, podcast 165: week 3 of NCSAM
Welcome to the security box, podcast 165. We've definitely got at least one stupid moron award, that could be taken in two different ways. Next moron, Twitter, in an interesting move on charging non-paying users for access to twitter $1 a year according to their own twitter notification I saw. The topic this week is going to be on Credit cards, debit cards, online VS offline shopping and what we can do.
This blog post was written after listening to a program on the Cyber Crime network. It talked about TikTok being sued by Utah because they want children on the app. But we think its more than that. Utah may also get this award as a double whammy because "this is what social media is," says TSB staff and Throwback staff. You be the judge!
Next, Twitter Support says that they'll be testing a payment method for those non-verified accounts to pay $1 a year to get access to the service. I forget what country it is, but you can look it up on twitter support's account. If successful, they will bring it elsewhere, and they also could get the stupid fuck award. Good job, guys.
The question is, How should we be using credit cards and debit cards online? Let's discuss this and take it much further. Let's discuss what we can do to use this offline as well.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!
The Securityy box, podcast 164: NCSAM week 2
Welcome to the Security Box, podcast 164. Today, we catch up on some erata we did not get to last time in regards to passwords. We've also got the topic of domains and talk a little bit about the different type of domains and their purpose. We also talk about the guide we published on the blog which will also be linked herein. We have stupid moron awards with links to blogs and much more. This is the program that aired live on October 11, 2023. Thanks for listening!
The Stupid Fuck awardWhile not necessarily security related, we're going to give out the stupid fuck award to a guy who decides that it is OK to cause problems and who knows what with information they found.
Blog postWhile we're dealing with Stupid Fucks, Air Europa, you're next as a company stupid fuck. My diatribe goes in to details, but suffice it to say, this company says that people should change their credit card info as it may have been pilfered, but says the breach is "medium sevarity." Go figure!
blog post DomainsThe topic this week is going to talk on domains. There are a lot of them, and new TLD's being thought of all the time. This blog post only touches the surface, but we did talk about redirections and stories too. We talk about TLD's that have been known for spam, but of course there's a lot more. We talk about IP addresses as well and why we use domains to get around the net.
While not talked about explicitly, this blog post talks about .zip and .shop and their abuse in case you missed it going by.
ErataFrom last week, we talk a bit about credential stuffing and pass phraises.
GuidesOn one of TSB's podcasts, we released a guide to help you as a disabled user who uses a screen reader determine where you're going on the net instead of pressing enter on the "Click here" links you see in spam and phishing. While the blog has a link within our pages, and its linked on EMHS, we want to highlight it again for those who need it. Getting Link information via access technology is the guide, and I want everyone to read it if they haven't read it already. Maybe you'll learn something.
Supporting the podcastIf you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Technology podcast, podcast 375: Chat GPT, the good, the bad and the ugly
While I love webinars, we must be mindful that they aren't mind and must give presenters the opportunity to distribute them. I believe this is Phishlab's webinar, although I could be wrong. Sorry about that if I am.
Welcome to podcast 375. On this podcast, we're going to give you a webinar. This webinar is dealing with Chat GPT. You'll learn the good, the bad and the ugly. It was a very interesting webinar.
Per usual, we give the presenters an opportunity to get it through their network. I believe this is a Phishlabs webinar but i could be wrong.
If I am, I apologize.
We hope you enjoy the program as much as I did listening to it and bringing it to you now. Contact info at the beginning.
Sorry for any tech issue sounding, I'm getting it rectified.
The Security box, podcast 163: NCSAM week 1: passwords and more
Hello folks, welcome to the Security Box, podcast 163. On this episode, we go through the news, talk about a very interesting interview and then tackle our first topic of NCSA
We talk briefly about this blog post about passwords, the reason why it isn't a good idea to share passwords
blog post and a bit about Multi Factor authentication. This blog post will talk more about multi factor authentication.You may see terms like two-step, two-factor or multi factor. All pretty much are the same thing.
We hope you enjoy the program as much as we have bringing it together for you, and make it a great day!
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 162: open forum, week 2
Welcome to the security box, podcast 162. On this edition of the podcast, we'll run through the blog and list, anything else on audience insights and more. This is week 2 of the open forum. Hope you enjoy the program!
The Security box, podcast 161: Week one of Open Forum
Welcome to the security box, podcast 161. On this podcast, we're covering a few notations of the recently released IOS 17, tons of articles from the blog, and having ourselves an open forum. We hope that you enjoy the program as much as we did putting it together for you.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security Box, podcast 160: Freenom sued, drops free domains, more
Hello folks, welcome to podcast 160. On this week's edition, we'll reveal the sudden absence of TSB, we'll have news and notes from around the landscape that folks may have read, and aa very interesting topic that deals with Freenom and the phishing landscape. Apparently, Facebook is in this too. Of course, we'll have any questions answered that people have too. Thanks for your support of TSB and thanks so much for listening!
The sudden departure of TSB was not one the JRN was necessarily prepared for. While we have from time to time rescheduled TSB, and/or took specific holidays off like the Christmas break, Thanksgiving week, and possibly others, this was so sudden.
While working on TSB's release and catching up its EMHS page we got a message on Dice World. While that wasn't out of the ordinary, as I have gotten messages on Dice World before, the source and what the message contained was one of shock and grave concern.
The short version is that the JRN's MENVI helper, Janet Quam, passed away on the 30th of the month of August. While I have been told numerous things, a letter which I published on September 10th goes in to what Janet did with the network from various podcasts which don't exist anymore, to tech skills and a willingness to learn.
There was no health related stuff discussed except to state that we were aware of health concerns. To read the letter, please read the blog post titled A death across the network, here’s a letter.
It links to a Youtube copy of the funeral. MENVI's links page also has a link to the Obituary. We thank you for your support! A song appropriate will be played at the end of the program when we play music.
Our topic comes to us today from an article which was published to Krebs on Security on 5/31. Its titled Phishing Domains Tanked After Meta Sued Freenom. As we've talked about on Throwback, we've now got other issues because of this suit, and other top level domains that are now taking what the free domains did. We'll make sure to bring this up.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 159: Fraudulent activity, Retail and the dark web
Welcome to the security box, podcast 159. On this podcast, we're going to have a two-part article discussion dealing with fraudulent activity when it comes to retail and the dark web. This came to us via Phishlabs. Besides that, we may have some stupid fucks to talk about, the landscape as usual, and your comments and questions if any.
I found an article I posted to the blog on August 30th that talks about the U.K. wanting to ban IOS updates unless its approved. Like that's going to solve anything except problems for us useers who may either travel to the UK or live there. Here's the blog post I wrote that posted before the show. Good job, UK government for earning the stupid fuck award.
This is a two part article coming to us from Phishlabs.
- Top Fraudulent Activity Targeting Retail on the Dark Web
- Top Fraudulent Activity Targeting Retail on the Dark Web – Part Two
The Security box, podcast 158: The 1.3B Facebook fine
Welcome to podcast 158 of the Security Box. On today's podcast, we've got at least one moron, we've got an interesting topic that deals with Facebook getting fined, again, and of course we'll cover the landscape and what has been read and blogged as of late.
- Who the hell is Global phishing 16 service? Well, someone or multiple someones have been picked up. Karma Catches Up to Global Phishing Service 16Shop comes to us from Krebs on Security and was quite an interesting read. According to Krebs, this outfit has been around since 2017 and really had a name for itself when it came to having people pay on time, making sure their tools were not given to anyone who did not pay and more. While the concept was novel, people got caught, so please enjoy your stupid fuck award.
- Nice to see some arrests of a couple dozen more stupid fucks in this one. Two dozen arrested, hundreds of malicious IPs taken down in African cybercrime operation comes to us from Cyberscoop. While the article isn't long, we now learn there is a new threat that knows what they're doing. Better read this one!
The article we're going to take from is an article we posted back in May. The title of this article is What the record-breaking $1.3 billion Meta fine means for the US-EU clash over spying programs and it comes from Cyberscoop.
I guess we'll have to see what happens with this, as I don't think we'll be done with this yet. If there are any updates, we'll be posting these updates to our list and blog where applicable.
Supporting the podcastIf you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 157: A Different type of Ransomware Demand
Welcome to the security box, podcast 157. This week, we ay be talking about a very interesting topic coming out of connecticut which might or might be a moron. We'll talk about other news and notes from the landscape, and yes, today's topic is on ransomware groups and one which says you should pay the money to charity instead of the group itself.
We are going to link to the stories that deal with our moron(s) of the podcast.
- 10 people, including 16-year-old youth arrested for suspected involvement in malware scams Databreaches
- Five arrested in Poland for running bulletproof hosting service for cybercrime gangs — Europol databreaches
- Florida Healthy Kids notified by Maximus of MOVEit breach databreaches
- Diligere, Equity-Invest Are New Firms of U.K. Con Man Krebs On Security
Florida Healthy Kids is a very interesting story, mainly because of who they are partnering with. I guess we'll see what happens with them.
Today's topic comes to us from Cyberscoop way back in May. I've not seen another group do this, and I think its a one of a kind deal. I wish I were on that charity list, although I don't take crypto, but proof of donation would all that it would be.
Today's article is titled A different kind of ransomware demand: Donate to charity to get your data back which should be read just the same. If someone you know was hit by this group, did they get their files back?
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 156: What have we learned from the Russia/Ukraine war and how to protect ourselves?
Hello folks, welcome to the Security Box. This is program number 156. On this episode of the program, we're going to talk about a very interesting article that was published back in April on what we've learned about stopping Russia's hackers since the war has started. Also, this program will have news, notes, the landscape and much more.
The following two articles are related and one may have more than the other. Is possible sentencing guidelines enough that fit the crimes?
- NYC couple pleaded guilty to money laundering in Bitfinex hack Cyberscoop
- Husband and Wife Plead Guilty to Money Laundering Conspiracy Involving the Hack and Theft of Billions in Cryptocurrency databreaches.net
This is an April article titled What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine coming to us from Cyberscoop.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 155: What's going on with age Verification?
Welcome to the Security box, podcast 155. On this program, we've got an update to Age Verification which we've not seen any update since. This Verge article may be something that could be of interest if it turns out to be true. We'll also talk about the news and notes from the landscape and much more.
We've covered age verification through the years, and this blog post from May 2023 covers the Verge's article in which we're going to take from. This is their article titled Online age verification is coming, and privacy is on the chopping block which I link to in my post. What do you guys think?
The security box, podcast 153: 13 DDoS for Hire services shut down
Hello folks, welcome to program 154. On this edition of the program, come with us for some news and notes, a recollection of someone who can change after making mistakes, and a topic talking about DDoS for hire services that have been shut down within recent times which could be a good thing.
Kevin Mitnick recently passed away on July 16, 2023. He did have an interesting career, a criminal in his early years to a security consultant after the fact.
Brian Krebs sent the news through on Mastodon, and we blogged about it on the same day ... July 20, 2023.
Below, please find the books Kevin wrote. Note that the blog post does mention these and what is available also on BARD. I attended one of his webinars that KnowBe4 put on and it was excellent!
- Kevin Mitnick, Steve Wozniak and William L. Simon
- Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
- The Art of Deception: Controlling the Human Element of Security
- The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers 1st Edition
- Kevin Mitnick and Mikko Hypponnen
We blogged about this on the blog, and now its time for it to be talked about. This is a Krebs on Security article titled Feds Take Down 13 More DDoS-for-Hire Services which I found was quite good. Let's see what you think and our contact info will be given throughout the program.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 153: Bould Spy
Hello folks, welcome to the Security box. This is program 153 and on this edition of the program, we're going to talk about a potential new threat that we might need to learn about. We'll also have potential morons that has crossed our desk, news and notes from around the landscape and more.
Think I’m harping too much on checking your stuff? Here’s why you really should … this is a true story shouldbe read. It links to a file which will only be available for a limited time which has the story. This came from Cybercrime radio and thanks to DJ Terry for giving us a heads up on this one. Now people should be happy that I harp on making sure that you are as safe and secure as possible. Thank me later!
There's a difference between a data leak and a breach. A leak may in most parts be an accident, where a breach was intentional. My blog post Data Leak at Virus Total was only a subset, data removed has a link to the story. Let's just say that Google did everything as right as they could. Once notified, they removed said data an d launched an investigation on how the info got on the popular AntiVirus scanning application. You can't have it any other way. If a mistake happens, fix it as quickly as possible!
Our first moron today comes from a company called HikVision. This blog post titled: Use Hikvision cameras? You might want to be made aware of this goes in to the fact that this company just doesn't understand what might be going on with their network and their devices. Having QR codes to basicly log in to the camera yields very interesting results. Better read the accompanying article for more. You might want to be sitting down for this one.
Second: From Cyber Crime radio: Magaine: Bangladesh Data Leak Exposes 50M Citizens. This is the topic for their July 13th airing and this has to be a complete joke. We'll play this file as part of the program.
Our topicMove out the way … Bold Spy is right there with spy tools like Pegasus is the tech blog where you'll find commentary and an article that talks about something called Bold Spy. Its got tools that others are using and possibly more. Feel the threat yet?
Did you read Think I’m harping too much on checking your stuff? Here’s why you really should … this is a true story yet? As an extra, we play the audio podcast from CyberCrime Radio which sparked the blog post. This is of course within the last music set. Listen to the Cybercrime Radio piece, it really hit home on why this accompanying blog post was written.
The Technology blog and podcast podcast 374: Adnroid accessibility discussion
On this podcast, a great video that was posted to Mastodon talking about what's coming to Android in 2023. But then I have questions dealin with the abuse of accessibility tools. Using Yellow Camera as an example, are these changes meant that people might be safer if they make a mistake? Contact info at the end. Thanks for listening!
The Security box, podcast 152: our three year anniversary
On this edition of the program, we've got an open forum of topics. Lots of them have been covered through the years while others have been covered on the blog or TSB's email list. We hope that you enjoy the program as much as we put this together for you. See you next time!
The Security Box, podcast 151: BEC is back, let's learn what might be new
Welcome to the security box, podcast 151. I hope that each and every one of you have had a great July 4th holiday. On today's podcast, we're going to have an updated discussion on BEC which stands for Business Email Compromise. On top of that, we'll see what else the landscape has to offer. We hope you enjoy the program and thanks for listening!
Stitcher is closing. If you are affected by the change, please contact me at jaredrimer at 986themix.com and let me know about it. Let me know what podcast you're coming from so I can get you a new link. They've let us know that they're shutting down as of August 29th, 2023. Thanks for your support of our podcast!
This time, our article comes from Phish Labs. Its a good one, and probably updates our stats on one of the businesses biggest problems, Business Email compromise. What to Know About Business Email Compromise (BEC) Scams was written in April.
The security box, podcast 150: Ransomware Gangs giving us ransomware witha helping of zero-days
Hello folks, welcome to the Security Box, podcast 150. We're made it! On this podcast, we're going to talk about Ransomware gangs and the fact they're now using zero days. We may or may not have a moron, we'll cover the news and we'll see what else people have to say as the program progresses. Some Strong Language.
Stitcher is closing. If you are affected by the change, please contact me at jaredrimer at 986themix.com and let me know about it. Let me know what podcast you're coming from so I can get you a new link. They've let us know that they're shutting down as of August 29th, 2023. Thanks for your support of our podcast!
This week's article comes to us from Cyberscoop. Its titled Ransomware gangs increasingly deploy zero-days to maximize attacks and was tagged as a topic. For the 150th episode, this couldn't be more appropriate.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 149: Emotet is back, bigger and badder than ever
We did have some participation, full notes are here. No replay on Clubhouse though, sorry about that!
Welcome to the Security box, podcast 149. On this podcast, we may or may not have a moron, we'll definitely have news, notes and the landscape and a topic talking about a threat we thought was long gone.
I stumbled across a video from a Youtube Channel which I am not familiar with. While Nick was in my JRN working room, I decided to see if there was an article about this. While the podcast gets a 9 minute video, check out this article titled India first democracy to ban encrypted messaging apps on massive scale. from a site called tutanota.com. They must be a news related site, name sounds familiar to me. Have fun with this one!
Here's the youtube video from Mental Outlaw if you want to watch this instead of listening to it.
The article comes to us this time from Phishlabs. Emotet Returns from Hiatus, Trails QBot in Q1 Volume is the title.
Are you surprised that this is the case? We know that Emotet was taken down in a crqackdown, but like most things, they come back in this industry. Feel free to view the article for complete details or download your copy of the show to hear our thoughts.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
TSB 148: Nation-State Actors go after cloud providers who have customers that have weak passwords
Welcome to the security box, podcast 148. On this podcast, I may have a complete moron with a company, we'll have news, notes and more. The topic deals with passwords and it isn't looking that great.
We stand in solidarity with you, Reddit users. Reddit is taking advantage of the situation just like Twitter did so many months before.
Apparently, Reddit has decided to do the same thing. One article says they're only charging $0.24 per 1,000 calls to their API, but people indicate its much different. The cost is $12,000 per month or roughly up to $20 million per year according to some estimates. Here are the blog posts as of writing in regards to Reddit.
- Accessibility apps will be free for API use on Reddit
- Reddit communities to go dark on June 12th, setting themselves to private
- Reddit to charge $12k for 50k calls to API?
- Its Official, Apollo shutting down
- Here’s an ars article on Apollo
Van Nuys is not too far from where I live in a town called Woodland Hills. I go through there every time I take the bus. According to a KNX article which is very short, it says a guy from there was caught selling drugs on the dark web. Here is the blog post from the tech blog titled Van Nuys man pleads Not Guilty to selling drugs online which links to the KNX article.
In Case you missed it, I finished Tracers in the Dark. It was a very interesting book, one I didn't want to put down until I did. Book Review: Tracers in the dark, by Andy Greenberg is the blog post and I'm not giving anything away.
Our topic comes to us from Cyberscoop. It was an interesting read. The article is title Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says and I found it interesting. This proves again that we need to make sure that our users are using strong passwords or pass phraises. Don't worry, Cyber Security Awareness Month is coming up, so TSB will be starting all over again with basic stuff when it comes to your security.
I hope that every single person will enjoy today's program, and thanks so much for listening!
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.
The Security box, podcast 147: Unpacking the Structure of a Ransomware Group's Business Model
Welcome to the security box, podcast 147. On this edition of the program, I believe I have a very interesting but true story that must be told with the names being changed to protect the innocent, or is it guilty? We've got a very interesting article talking about the structure of ransomware groups, and no, we're not talking about specific named groups, just something that probably wouldn't surprise someone who reads this type of news. We'll see what else the landscape has to offer with news, notes, questions and more.
Someone recently got someone fired as part of a grudge where someone heard something they said and decided to look them up and email a copy of what they said to the employer. This is the first time we've seen this in the phone world and we hope it isn't going to happen again. Live version with names changed to protect the innocent, or are we protecting the guilty?
The following is a Trend Micro article which we found very valuable. Unpacking the Structure of Modern Cybercrime Organizations is the title of this article and well worth the read. Question for readers and listeners to the live or podcast edition listeners, are you surprised? Let's discuss this one.
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.