March 10th, 2021

My tweets

  • Tue, 13:26: tech blog Vulnerability summary for the week of February 22, 2021: I’m finally getting around to looking at the vulnerability summary for February 22, 2021 which was received on March 1st. There is one item that is a 10 which is the highest… https://t.co/uzWf4EnrUM check it out!
  • Tue, 13:32: tech blog Vulnerability summary for the week of March 1, 2021: This is the link to March 1st vulnerability summary and there is yet another 10 at the bottom of the high section. Several Google Android listings in this one. If you find… https://t.co/nQTUYZEoaU check it out!
  • Tue, 15:23: Krebs on security Warning the World of a Ticking Time Bomb: Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has… https://t.co/hZOVvXY6MQ https://t.co/xdh7mPvRIH
  • Tue, 18:41: Cyber scoop Is Congress finally ready to pass meaningful ransomware legislation?: During the entire last two-year session of Congress, lawmakers only signed one bill law that mentioned the word “ransomware.” With the epidemic of digital… https://t.co/zGxOju2i8B Check it out! https://t.co/dEHCwM7oai
  • Tue, 19:49: Last Pass presents Expanded Data Storage in India Provides Flexible, Secure and Local Data Residency to Customers: LastPass is proud to announce that we have expanded our global data footprint into India to better serve the APAC market. Tohttps://t.co/un26qbQdEG check it out https://t.co/wJJhAiW5P7
  • Tue, 22:00: Cyber scoop South Korean cops arrest GandCrab suspect: South Korea’s National Police Agency said Tuesday that it had arrested a suspect involved in the distribution of thousands of emails laced with GandCrab, a once-prolific strain of… https://t.co/O2q41Ieeq8 Check it out! https://t.co/K4CopcyLz7
  • Wed, 03:30: The Source presents Time change for this week’s South Bay Service Council Meeting: Due to unforeseen circumstances, this month’s South Bay Service Council meeting will be held at 2 p.m., rather than the usual time of 9:30 a.m. Hopefully this gives some… https://t.co/X8JDS6qWTd https://t.co/OeeOhAZ4sP
  • Wed, 07:20: Krebs on security Microsoft Patch Tuesday, March 2021 Edition: On the off chance you were looking for more security to-dos from Microsoft today...the company released software updates to plug more than 82 security flaws in Windows and other supported… https://t.co/8W8ausTRTl https://t.co/1VE6wW6UaL
  • Wed, 08:31: Trend Micro Search: March Patch Tuesday: Fixes for Exchange Server, IE: This month’s Patch Tuesday includes fixes already released for the Microsoft Exchange Server zero-day flaws attributed to Hafnium attacks. https://t.co/kwNgjCa0lO Check it out! https://t.co/T1HRDY3srb
  • Wed, 09:03: RT @jrimer2008: tech blog 2.275 of Braille2000 is now out!: Problems addressed In UEB, when translating digits followed by some punctuation…
Collapse )

The Indep3ndent artist spotlight, broadcast 162

Here is the file for this past week's show (212.80mb) and i hope you enjoy the program.

Due to my error, i didn't merge the files for the last program 283, so deleted its accompanying playlist. We'll have another 283 for this week and do a better job.

Here's the playlist for 162 of the show you're downloading.

We start broadcast 162 of the independent spotlight with a feature track from Keybone.

Kehinde Oladele Arifayan professionally known by his stage name Keybone, is a Nigerian independent rap and hip hop recording artist, born and raised in
Lagos, Nigeria. Keybone releases "Your Number One" as the first single off his forthcoming album titled; "Going Pro, Vol. 2". Your Number One is a song
reaffirming importance and solidifying that the pole position belongs to nobody else. A groovy tune with clear statements of reassurance about how nothing
matters but Keybone's confidence in himself cements his status as the leader of the next breakout talents of this era. Your Number One has a conscious,
dance and feel good vibe, which will be available for streaming and download on the 12th of February, 2021.

Website for Keybone

Set 1:
Keybone Your Number One 03:52


Set 2:
LOOT Press On 04:20
LOOT Get You Some 04:11
LOOT Top of the World 03:49

Set 3:
Scott Lawlor & Wings of an Angel Listening To Music On Your Red Days Is Like Looking Deep Into The Eye Of A Hurricane 09:25
Scott Lawlor & Wings of an Angel Unlike The Eternal Charms Of Music And Sleep, Reading Literature Is The Senseless Unavoidable Doom Taken To Its Extreme 10:03
Fae Moonbeam God Rest Ye Merry Gentlemen 04:29
Fae Moonbeam Tanz die Zuckerfee (Dance of the Sugarplum Faeries) 02:25
Fae Moonbeam Pat-a-Pan 05:02
లిక్విడ సంరక్షకుడు ఒకటి 02:56
లిక్విడ సంరక్షకుడు రెండు 06:33

Set 4:
Adina Spire Kontakion Hymn 14:37
Anne Garner Warmer 04:34

Set 5:
Substrata Perspectives 05:37
Extraworld Valles Marineris 04:25
Travesdy Osis 09:28
thoughtExperiment Electric Blue Onion 08:43
Gunuph The Lake Hides a Secret 05:48
WHΛLTHISИEY I am what you are 03:45
Patient Mesh (Machine) 06:48
Siberian Silence Tanas Dream 08 09:56
Aaron Bergman All Than 03:36
Starthief Iceberg 04:45

Set 6:
Ninety Pounds of Ugly All All Alone 02:34
Minstrel Spirit Distant dreamland 04:19
Ty Gibson Love Sweet Love 03:36
Viviana Guzman Fantasie no.7 in D Major 05:48
Suchitra Lata Night Skies 03:32
Suzanne Teng Light of the Heart 08:55
Tatiana Kochkareva What Is It 03:34
Eleanor Hodgkinson No. 4 in A flat major, Two Impromptus D899 (F Schubert) 07:58
Emma Wallace Da Vinci II 02:51
Endless Blue Low 05:03

end of program

The Security Box, podcast 34: The Rest of Keylogging, news, notes, note takers and their security, a

This week had no listeners on the live recording of today's program but that's OK. It is going to happen. I present you program 34 and its accompanying show notes for you to enjoy. If you have comments, please feel free to contact me.



Here is 130.94mb file for everyone to get. Its on the RSS feed already.

Here are the show notes.




Welcome to podcast 34 of the Security Box. On this edition, we'll pick up where we left off on the Key Logging aspect of our discussion and we'll have news, notes, commentary and more. We also have something from Michael in Tennessee who sent us a video of 12 Android apps you must get rid of. Some of these, are quite interesting. Hope you enjoy the program as much as I am bringing it together for you.

Topic: Continuing Key Stroke Logging



This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Different heading include, but not limited to: application, software based keyloggers, keystroke logging and writing processes, related features, hardware based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I am bringing it to you.

News Notes and More



[Error: Irreparable invalid markup ('<ul [...] https://technology.jaredrimer.net/2021/02/27/wetransfer-has-now-joined-the-services-that-can-be-and-has-now-been-abused-for-phishing-lures/">') in entry. Owner must fix manually. Raw contents below.]

This week had no listeners on the live recording of today's program but that's OK. It is going to happen. I present you program 34 and its accompanying show notes for you to enjoy. If you have comments, please feel free to contact me.

<ul>
<li> Email/imessage tech at menvi.org </li>
<li> Text/whats app 804-442-6975 </li>
<li> Station email/imessage also works <a href="http://www.986themix.com/djcontact">go to the contact the DJ's page </a> to learn more </li>
</ul>

Here is <a href="https://www.sendspace.com/pro/dl/7w8kce">130.94mb file </a> for everyone to get. Its on the RSS feed already.

Here are the show notes.

<hr>

Welcome to podcast 34 of the Security Box. On this edition, we'll pick up where we left off on the Key Logging aspect of our discussion and we'll have news, notes, commentary and more. We also have something from Michael in Tennessee who sent us a video of 12 Android apps you must get rid of. Some of these, are quite interesting. Hope you enjoy the program as much as I am bringing it together for you.

<h3> Topic: Continuing Key Stroke Logging </h3>

This may take several programs, but we must cover keystroke logging. We take from <a href="https://en.wikipedia.org/wiki/Keystroke_logging">the Wikipedia page on keystroke logging </a> so you can follow along. Different heading include, but not limited to: application, software based keyloggers, keystroke logging and writing processes, related features, hardware based keyloggers and history. There are 4 different headings for this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I am bringing it to you.

<h3> News Notes and More </h3>

<ul title="News Notes and articles of interest&gt;
&lt;li&gt; Looks like dropbox, google documents and other file sharing services are not out of the woods yet. A new player in town that I&#39;ve talked about now joins the fray. Wetransfer was talked about on the technology blog and podcast some time ago, and its now going to be part of the problem. &lt;a href=" https://technology.jaredrimer.net/2021/02/27/wetransfer-has-now-joined-the-services-that-can-be-and-has-now-been-abused-for-phishing-lures/"="https://technology.jaredrimer.net/2021/02/27/wetransfer-has-now-joined-the-services-that-can-be-and-has-now-been-abused-for-phishing-lures/&quot;">This Tech blog post: Wetransfer has now joined the services that can be and has now been abused for Phishing Lures </a> covers my thoughts on this and gives an example of a link that is valid verses the link that they show that is not valid and could lead to some big time problems. Zloader is the malware out there and I link and will link to the article from Phishlabs <a href="https://info.phishlabs.com/blog/surge-in-zloader-attacks-observed" <="&lt;">Surge in ZLoader Attacks Observed </a> so that you can read my thoughts, or just decide to read Phishlabs coverage on this. </li>
<li> Looks like Lastpass is offering the ability to allow people to use SMS or voice calling for their second factor. I'm a little bit confused because I thought we can select it as well as our already existing two-factor method like the app or SMS already. This is the best thing that can come out of it, having a second factor of your choosing. <a href="https://blog.lastpass.com/2021/02/lastpass-now-offers-the-flexibility-to-authenticate-with-sms-passcode-voice-call-or-yubikey/">LastPass Now Offers the Flexibility to Authenticate Into the Vault & Single Sign-On Applications With SMS Passcode, Voice Call or YubiKey </a> is the article, please check it out. </li>
<li> Security Now, podcast 808 is being listened to, and they're talking aobut the Solar Winds password which was solarwinds123. This password was used to log in to one of their servers. According to the new CEO, this password was used from 2017 until it was changed in 2019, roughly two years after it was first used. The old CEO said it was an intern who set that password and it was changed upon discovery of it being published on a GetHub page. </li>
<li> Speaking of Solar Winds, there are apparently three more malware strains of this out there in the internet. Tim Starks, the writer for Cyberscoop, goes on to talk about these new strains. Fireeye called one of them SunShuttle, while two more strains Microsoft named GoldFinder and Sibot. SunShuttle was named by Microsoft to GoldMax. <a href="https://www.cyberscoop.com/researchers-uncover-four-more-malware-strains-linked-to-solarwinds-hackers/">Researchers uncover three more malware strains linked to SolarWinds hackers </a> is the article on this latest development and we're still quite involved in this one. </li>
<li> There are articles out there that talk about Microsoft having trouble with their exchange server. According to one of the articles, there are 4 such holes in Microsoft's software that has been patched the week of March 6, 2021.
<ul title="articles">
<li> <a href="https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/">Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails </a> Krebs on Security </li>
<li> <a href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/">At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software </a> Krebs on Security </li>
<li> <a href="https://www.cyberscoop.com/microsoft-exchange-server-czech-republic-norway-hafnium-chinese-hackers/">Victims of Microsoft Exchange Server zero-days emerge </a> Cyberscoop </li>
</ul>
<li> Another Payroll company has been hit, this time, in the ransomware department. The article was written by our good friend Mr. Krebs and the response is typical of a ransomware attack. They also do HR work as well. According to the article, they have processed at least $80 billion in payroll money. They had hoped to have operations back up within a matter of days, but numerous PEOs as they're called were effected by the outage. PrismHR is the best thing out there according to the article, as other options have different issues that are documented. For complete details, check out the article <a href="https://krebsonsecurity.com/2021/03/payroll-hr-giant-prismhr-hit-by-ransomware/">Payroll/HR Giant PrismHR Hit by Ransomware? </a> as there is more than what is being documented here. </li>
<li> The hackers are also getting hacked. Talked about also in a recent podcast of the Cyberwire, Krebs is getting some well deserved recognission on this one. The Cyberwire names a fourth in their coverage, but when I read this article, I just had to chuckle on this one. There are definite indicaters this is true including a private encryption key, ICQ numbers, and possibly more. <a href="https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/">The article Three Top Russian Cybercrime Forums Hacked </a> should be read for more. </li>
</ul>

Other things

<ul>
<li> Michael in Tennessee sent me <a href="https://youtu.be/muhb_a2tvtw">12 Android Apps you need to get rid of </a> and we've got this video. These are some scary things the gentleman talks about in here, better watch what you're getting out there in Android world. </li>
</ul>

End of program