mudcat.org: Tech: Online security issues


Tech: Online security issues





Subject: Tech: Online security issues
From: Stilly River Sage
Date: 14 Sep 20 - 12:04 PM

I looked through the last three years of Tech topics here at Mudcat and don't find one general enough for this topic. I regularly post articles about things going on with Windows updates and bugs, and when Amos was alive and using his Apple devices he would occasionally share Sophos security posts, but this is beyond the machines themselves, this is the phishing and gotcha and trojan ware and malware problems and ransomware and more.

ZDNet posts some good articles, as does Malwarebytes, and CNet on occasion. And there are plenty of other good sources that those of you who pay attention to this might want to share.

COVID cybercrime: 10 disturbing statistics to keep you awake tonight

"Nine out of 10 coronavirus domains are scams. Half a million Zoom accounts are for sale on the Dark Web. Brute-force attacks are up 400%. And there's more. So much more."



Subject: RE: Tech: Online security issues
From: r.padgett
Date: 14 Sep 20 - 01:55 PM

Yep had some issues personally ~ ensure secure connections and ads on here are suspicious

Ray



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 14 Sep 20 - 03:38 PM

I use an adblocker, which doesn't help Mudcat generate revenue, but it eliminates those ads that people talk about occasionally.



Subject: RE: Tech: Online security issues
From: Tattie Bogle
Date: 14 Sep 20 - 04:31 PM

Every time I use the back button, I get a warning about "Do you want to re-submit this form? It is not secure" - or words to that effect. (I use Norton 360 as my main anti-V program.)



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 15 Sep 20 - 12:46 PM

I see that sometimes with my security software on a couple of sites I visit regularly. The times I pay attention are when following search results to a new location - if it says don't go there, I usually don't.



Subject: RE: Tech: Online security issues
From: Mysha
Date: 15 Sep 20 - 02:04 PM

Hi,

'Every time I use the back button, I get a warning about " Do you want to re-submit this form? ...'

If you really get that every single time you use the back button, then something is not as it should be (or you have browser habits I'm not used to).

The intended effect is to stop you from entering the same information twice. Browsers have been "improved" to the point where any action can be used to any effect. Because of this, a little policeman has been added to your browsing to warn you when your browsing is unexpectedly different from the norm. In this case, the little policeman wants to make sure that you're aware you're trying to do the same thing a second time. (If that's not your intention, use the history to go back to a less critical page, preferably to before you entered any information.)

Bye
Mysha



Subject: RE: Tech: Online security issues
From: JHW
Date: 15 Sep 20 - 02:59 PM

I'm no techhead so I never believe or click ads. Scams are devious.
Using VLC player I got a message box saying an update was available, did I want to download. Up popped a security message saying it was a scam, presumably a ploy to get me to download malware.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 15 Sep 20 - 08:56 PM

If any of you read the article, the points that are germane during the COVID-19 pandemic include:

3. Email scams related to COVID-19 surged 667% in March alone

According to Barracuda Networks, the number of phishing scams related to COVID-19 exploded in March. It probably continued in April and beyond, but we only have March data right now.

These scams work the same as normal phishing scams, trying to separate users from credentials. The only difference is that the emails are using the pandemic to try to push a new set of psychological hot buttons.

Because of so much rushed digital transformation, people are now accepting emails that might not look as formal or professional as before pandemic. And they click on those messages or log into those real-looking sites.

4. Users are now three times more likely to click on pandemic-related phishing scams

Let's add a bonus statistic, courtesy of the Verizon Business 2020 Data Breach Investigations Report. Even prior to the pandemic, credential theft and phishing were at the heart of more than 67% of breaches.

In a test performed in late March, researchers found that users are three times more likely to click on a phishing link and then enter their credentials than they were pre-COVID. Of course, it doesn't hurt that those phishing emails often used words like "COVID" or "coronavirus", "masks", "test", "quarantine" and "vaccine."

5. Billions of COVID-19 pages on the Internet

About three weeks ago, I did a Google search on the phrase "COVID-19" and got 6.1 million search results. Today, the same query yielded 4.8 billion results. Clearly, it's a topic on top-of-mind for many of us. It's also top-of-mind for scammers, because...

6. Tens of thousands of new coronavirus-related domains are being created daily

ZDNet has been tracking the rise in coronavirus-themed domains and has found that tens of thousands of new unique coronavirus-themed domains are being created on a daily basis.

7. 90% of newly created coronavirus domains are scammy

How many of these sites are legitimate? According to the same ZDNet research performed by Catalin, "in nine out of ten cases, we found a scam site peddling fake cures, or private sites, most likely used for malware distribution only to users with a specific referral header."



Subject: RE: Tech: Online security issues
From: Bill D
Date: 15 Sep 20 - 09:59 PM

Some browsers have that "resubmit form" thing and some don't seem to. I access Mudcat 'mostly' on PaleMoon, (a fork of Firefox) which does sometimes do it, but not always. It was a nuisance, but not a serious issue. I finally signed in on Vivaldi, a Chrome-type browser, but with a better GUI than the standard CHROME.. and haven't seen the notice.

   As to sites with good technical info, Arstechnica is very good.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 16 Sep 20 - 10:35 AM

I follow that one on Twitter, but don't get over to Twitter as often as I used to. This is a good day to do that, since it is an informal "boycott Facebook and Instagram Day" today.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 17 Sep 20 - 04:28 PM

I have a couple of friends who need their computers cleaned out and scanned. Has anyone attempted this via remote desktop?



Subject: RE: Tech: Online security issues
From: Donuel
Date: 17 Sep 20 - 05:33 PM

All I have is one rule, if I am enticed to click on a new site I don't.
From now on :^\



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 04 Jan 21 - 12:09 PM

FBI: Swatters are hijacking smart devices to live-stream swatting incidents

The FBI said it's working with smart device makers to address the issue.

    The US Federal Bureau of Investigation says criminals are hijacking weakly-secured smart devices in order to live-stream or record swatting incidents.

    "Recently, offenders have been using victims' smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks," the FBI said in a public service announcement published today.

    Officials say suspects are taking over devices on which owners created accounts but reused credentials that previously leaked online during data breaches at other companies.

    These individuals then place calls to law enforcement and report a fake crime at the victims' residence.

    "As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers," the FBI said.

    "In some cases, the offender also live streams the incident on shared online community platforms."

    These types of incidents, called swatting, have increased across the US in recent years and have even resulted in people's deaths through accidental shootings.

    The first known cases of a swatting incident being live-streamed online date back to the mid-2010s. The difference between what the FBI is reporting now and those initial incidents is that devices weren't being hacked.

    Pranksters would identify social events that were being streamed online and would arrange the event to be swatted, such as weddings, church meetings, and more.

    Many of these swatting calls are being placed through online services that provide anonymous calling capabilities -- such as Discord bots and dark web services.

    To counteract with this new rising hack&swat cases, bureau officials said they are now working with device vendors to advise customers on how they could select better passwords for their devices.

    Furthermore, the FBI said it's also working to alert law enforcement first responders about this new swatting variation, so they may respond accordingly.

    As for device owners, the same advice remains valid: Use complex and unique passwords for each of your online accounts. Use two-factor authentication where available.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 20 Apr 21 - 02:11 PM

Now bitmap images are carrying a payload.

Lazarus hacking group now hides payloads in BMP image files

South Korea continues to be a favored target.


The Lazarus group has tweaked its loader obfuscation techniques by abusing image files in a recent phishing campaign.

Lazarus is a state-sponsored advanced persistent threat (APT) group from North Korea.

Known as one of the most prolific and sophisticated APTs out there, Lazarus has been in operation for over a decade and is considered responsible for worldwide attacks including the WannaCry ransomware outbreak, bank thefts, and assaults against cryptocurrency exchanges.

South Korean organizations are consistent targets for Lazarus, although the APT has also been traced back to cyberattacks in the US and, more recently, South Africa.

In a campaign documented by Malwarebytes on April 13, a phishing document attributed to Lazarus revealed the use of an interesting technique designed to obfuscate payloads in image files.

The attack chain begins with a phishing Microsoft Office document (???????.doc) and a lure in the Korean language. Intended victims are asked to enable macros in order to view the file's content, which, in turn, triggers a malicious payload.

The macro brings up a pop-up message which claims to be an old version of Office, but instead, calls an executable HTA file compressed as a zlib file within an overall PNG image file.

During decompression, the PNG is converted to the BMP format, and once triggered, the HTA drops a loader for a Remote Access Trojan (RAT), stored as "AppStore.exe" on the target machine.

"This is a clever method used by the actor to bypass security mechanisms that can detect embedded objects within images," the researchers say. "The reason is because the document contains a PNG image that has a compressed zlib malicious object and since it's compressed it can not be detected by static detections. Then the threat actor just used a simple conversion mechanism to decompress the malicious content."

The RAT is able to link up to a command-and-control (C2) server, receive commands, and drop shellcode. Communication between the malware and C2 is base64 encoded and encrypted using a custom encryption algorithm that has previously been linked to Lazarus' Bistromath RAT.

In related news, Google's Threat Analysis Group (TAG) warned earlier this month that North Korean threat actors are targeting security researchers across social media. First spotted in January, the scheme now includes a web of sham profiles, browser exploits, and a fake offensive security company.


There are lots of links to various things referred to in the story, but I'm not going to copy source code to post it here. Follow the link at the top.
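
The static-detection gap the quoted researchers describe (content that only becomes visible once the PNG's compressed pixel data is expanded, as a bitmap conversion does) can be checked for by inflating and unfiltering the pixel data before scanning it. The sketch below is an added example, not part of the original post or the article; the marker list, the `make_png` helper and the sample images are constructed assumptions.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel
# Assumed marker list: lower-cased strings that should never occur in pixel data.
MARKERS = (b"<script", b"<hta:application", b"mshta", b"this program cannot be run")

def read_chunks(png):
    """Yield (type, data) for every PNG chunk, checking length and CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(png):
        if pos + 12 > len(png):
            raise ValueError("truncated chunk")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length
        data = png[pos + 8:end - 4]
        if end > len(png) or zlib.crc32(ctype + data) != struct.unpack(">I", png[end - 4:end])[0]:
            raise ValueError("truncated chunk or bad CRC")
        yield ctype, data
        pos = end

def paeth(a, b, c):  # Paeth predictor from the PNG specification
    p = a + b - c
    pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
    return a if pa <= pb and pa <= pc else (b if pb <= pc else c)

def unfilter(raw, stride, bpp):
    """Undo the per-row PNG filters to get the pixel bytes a bitmap conversion exposes."""
    out, prev = bytearray(), bytearray(stride)
    for start in range(0, len(raw), stride + 1):
        ftype, row = raw[start], bytearray(raw[start + 1:start + 1 + stride])
        if ftype > 4:
            raise ValueError("unknown filter type")
        for i in range(len(row)):
            a = row[i - bpp] if i >= bpp else 0   # left neighbour (already restored)
            b = prev[i]                            # byte above
            c = prev[i - bpp] if i >= bpp else 0   # upper-left neighbour
            pred = (0, a, b, (a + b) // 2, paeth(a, b, c))[ftype]
            row[i] = (row[i] + pred) & 0xFF
        out += row
        prev = row.ljust(stride, b"\0")
    return bytes(out)

def scan_png(png):
    """Return the markers present in the inflated, unfiltered pixel data."""
    ihdr, idat = None, bytearray()
    for ctype, data in read_chunks(png):
        if ctype == b"IHDR":
            ihdr = data
        elif ctype == b"IDAT":
            idat += data
    if ihdr is None or len(ihdr) != 13:
        raise ValueError("missing or malformed IHDR")
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if colour not in CHANNELS:
        raise ValueError("invalid colour type")
    bits = CHANNELS[colour] * depth
    stride = (width * bits + 7) // 8
    limit = max(1, min((stride + 1) * height, 1 << 26))  # cap inflation at 64 MiB
    pixels = zlib.decompressobj().decompress(bytes(idat), limit)
    if not interlace:  # Adam7 passes have other row sizes; scan those still filtered
        pixels = unfilter(pixels, stride, max(1, bits // 8))
    lowered = pixels.lower()
    return [m.decode() for m in MARKERS if m in lowered]

def make_png(width, rows, filter_type=0):
    """Build an 8-bit greyscale PNG from pixel rows (constructed test input)."""
    def chunk(ctype, data):
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))
    raw = b""
    for row in rows:
        if filter_type == 1:  # Sub filter: each byte stored as delta from its left neighbour
            row = bytes((row[i] - (row[i - 1] if i else 0)) & 0xFF for i in range(len(row)))
        raw += bytes([filter_type]) + row
    ihdr = struct.pack(">IIBBBBB", width, len(rows), 8, 0, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

# Constructed, inert sample: marker text laid out as pixel bytes in 16-pixel rows.
TEXT = b"<script>/* constructed inert marker */</script>".ljust(64)
SUSPECT = make_png(16, [TEXT[i:i + 16] for i in range(0, 64, 16)], filter_type=1)
CLEAN = make_png(16, [bytes(range(r, r + 16)) for r in range(4)])
```

A byte search over the `SUSPECT` file itself finds nothing, while `scan_png(SUSPECT)` reports the marker; a hit is only a heuristic flag for closer inspection, since it matches text patterns and not behaviour.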



Subject: RE: Tech: Online security issues
From: DaveRo
Date: 20 Apr 21 - 02:50 PM

"The attack chain begins with a phishing Microsoft Office document ... Intended victims are asked to enable macros in order to view the file's content ..."
I'm amazed anybody would fall for that. Would you?



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 20 Apr 21 - 03:25 PM

Not enable macros - I haven't used macros in years anyway - but I have people send a fair number of MS Word documents that have to be "unlocked for editing."



Subject: RE: Tech: Online security issues
From: Joe Offer
Date: 20 Apr 21 - 03:39 PM

You'll notice that the Mudcat Search engine results page has the prefix http://, while the main Mudcat page has the more secure https:// prefix. It costs money to get that https:// certification, and I'm supposing Max didn't feel it was worth the money to get the certification on all aspects of Mudcat. Mudcat is pretty safe, but not secure enough to exchange sensitive information like credit card numbers.


-Joe-



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 20 Apr 21 - 09:22 PM

I think the "Remote Access Trojan" (RAT) is a perfect name.



Subject: RE: Tech: Online security issues
From: Jon Freeman
Date: 21 Apr 21 - 05:58 AM

There are free ways for https, Joe although I don't suppose they would suit everyone.

I had a look at the certbot/Let's Encrypt route a week or so back for a possible play with Alexa which wants a secure certificate and connections on port 443 (and self signed certificates won't work).



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 21 Apr 21 - 02:20 PM

There's also a lot of power struggle going on in the world these days.

Why Is Big Tech Under Assault? Power.

"Tech executives wanted to change the world, and they did. Of course we’re now questioning them."



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 28 Apr 21 - 11:56 AM

Here's another one (I get emails from ZDNet and CNet):

Emotet botnet harvested 4.3 million email addresses. Now the FBI is using Have I Been Pwned to alert the victims

The law enforcement agency is working with the data breach service to alert people that their information may have been harvested by the botnet.

HIBP, run by Australian security researcher Troy Hunt, is a widely trusted breach alert service that underpins Mozilla's Firefox own breach-alert notifications.

The FBI collected the email addresses from Emotet's servers, following a takedown in January. The Emotet malware botnet was taken down by law enforcement in the US, Canada and Europe, disrupting what Europol said was the world's most dangerous botnet that had been plaguing the internet since 2014.

Emotet was responsible for distributing ransomware, banking trojans and other threats through phishing and malware-laden spam.

In January, law enforcement in the Netherlands took control of Emotet's key domains and servers, while Germany's Bundeskriminalamt (BKA) federal police agency pushed an update to about 1.6 million computers infected with Emotet malware that this week activated a kill switch to uninstall that malware.   

Hunt says in a blogpost that the FBI handed him "email credentials stored by Emotet for sending spam via victims' mail providers" as well as "web credentials harvested from browsers that stored them to expedite subsequent logins".

The email addresses and credentials have been loaded into HIBP as a single "breach", even though it's not the typical data breach for which the site collects credentials and email addresses.


The rest of the article is at the link.



Subject: RE: Tech: Online security issues
From: GUEST,.gargoyle
Date: 28 Apr 21 - 07:24 PM

I was "gifted" from a friend... "Rubber Duckie" and "Turtle".

Very, very "OLD school" key stroke loggers.
They had received them from their IT departments to recover lost pass-words. They are fun to play with ... between machines that are never internet connected.

They are also useful in "mothering" young children within a household.

Sincerely,
Gargoyle

Have fun
    Be safe

          Never let your guard down.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 08 May 21 - 05:51 PM

Watch out! Android Flubot spyware is spreading fast

On its website, the National Cyber Security Centre (NCSC) warns about the spyware that is installed after a victim receives a text message that asks them to install a tracking app, because of a missed package delivery. The tracking app is in fact spyware that steals passwords and other sensitive data. It will also access contact details and send out additional text messages in order to further the spread of the spyware.

What is Smishing? The 101 guide

Smishing is a combination of the words “phishing” and “SMS”, to indicate phishing sent across your mobile network in the form of a text. It’s often thought of as the latest scam on the block, but it’s been popular for a few years now. The Pandemic combined with a rise in home deliveries has only increased its popularity still further.



Subject: RE: Tech: Online security issues
From: Joe Offer
Date: 08 May 21 - 06:11 PM

I bought a set of three "mesh" wireless routers recently. I used the same network name and password as before, but the new routers required me to log in each device individually. Now I'm wondering if I should have set up a VPN for my house. If I had known I was going to have to reconnect all my devices individually, I would have changed the password.
I don't understand VPNs as well as I'd like to. Any advice? Do I really need one in a rural home?



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 09 May 21 - 12:47 AM

VPNs are a good idea, we had to use one to connect to work from home when I worked at the university. If you get one, make it paid. You don't know what you're getting if it's free. I'm going to review them one of these days, since Mozilla updates Firefox and sends me hints that I should use a VPN (and they offer a modestly priced one). I usually start by looking at CNet and ZDNet for reviews.

The trouble I have had in the past with VPN is that when I was travelling and used it to log onto my email, the email software blocked me because it didn't recognize the different IP address (VPN uses various addresses, and none of them are your home address). It was more bother than it was worth, it seemed. But I think we tempt fate the longer we don't put in something like that in this day and age. Rural or urban.



Subject: RE: Tech: Online security issues
From: DaveRo
Date: 09 May 21 - 03:15 AM

I hadn't heard of 'mesh' routers before. They and VPNs are solutions to two different problems I think, at least in the domestic setting.

Mesh routers seem to be a newer version of wifi range extenders. They spread wifi over a bigger area, or improve reception in a building with thick walls. I don't understand the logging in problem; maybe they're not configured right.

A VPN is a more secure or private way of connecting to a remote server. It can also be used to hide your location or pretend you're in a different country.



Subject: RE: Tech: Online security issues
From: GUEST,Jon
Date: 09 May 21 - 03:42 AM

Taking your home as the sort of "base", you can use VPN "inbound" and "outbound".

In my case, I use the VPN server on my router to connect to my home LAN from away.



Subject: RE: Tech: Online security issues
From: DaveRo
Date: 09 May 21 - 04:04 AM

"A VPN is a more secure or private way of connecting to a remote server."
So, in SRS's case the remote server was the university, being accessed from home - or anywhere else. In Jon's case the remote server is his home, and is being accessed from elsewhere, and in both cases the objective is a secure encrypted connection.

In the case of a public VPN server, such as I think Mozilla is offering, the remote server is anywhere and it passes internet traffic to 'ordinary' servers - mudcat say. The objective is usually to hide that traffic from your ISP, or any other local snoopers. And maybe to pretend you're in the UK to watch iPlayer, say, in which case you choose a remote server in the UK.



Subject: RE: Tech: Online security issues
From: DaveRo
Date: 09 May 21 - 04:15 AM

"...in both cases the objective is a secure encrypted connection"
I should have added 'authenticated'. The user normally needs a password, certificate, security-code-generator, or similar to establish the connection, so the remote server knows who's connected.

So different from https, where the data is encrypted but anyone can connect. And your ISP can see that you're connecting to mudcat but not read your posts. Over a VPN the ISP can only see the address of the VPN.



Subject: RE: Tech: Online security issues
From: GUEST,Jon
Date: 09 May 21 - 04:38 AM

Trying to follow on from DaveRo... https (tls/ssl) of course does use certificates but this is for a client (eg. browser) to establish that the remote server is genuine. You can, as I sort of mentioned in an earlier post, "self sign" a certificate but it's not likely to have any use outside your own network. Browsers will pop up warnings that the certificate isn't trusted, or similar. Unless you know what you are doing (eg. something on your own network you have set up), heed the warning and don't visit the site.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 24 Jul 21 - 03:11 PM

US offers huge reward in fight against state-sponsored cybercriminals

"The reward is a clear sign that the Biden administration is increasing its efforts to disrupt state-sponsored cyberattacks, and to punish the criminals who launch them. The press release specifically calls out ransomware campaigns, saying that violations of the statute “may include transmitting extortion threats as part of ransomware attacks.”"



Subject: RE: Tech: Online security issues
From: GUEST,.gargoyle
Date: 24 Jul 21 - 06:56 PM

Just this past week my brother "gifted" me from a small graphic...... a Trojan from Cult of the Dead Cow.

It is perhaps 30 years old.
Basically a Key-Logger known as back door orifice.
They also supply the solution, known as, "Butt Plug."

Sincerely,
Gargoyle

There is little reason for anyone recommend to remain connected 24/7. Log in / out; record traffic.



Subject: RE: Tech: Online security issues
From: Stilly River Sage
Date: 10 Aug 21 - 10:03 PM

Keeping your computer up-to-date when Microsoft sends out the patches is *important.

Microsoft's August 2021 Patch Tuesday: 44 flaws fixed, seven critical including Print Spooler vulnerability

The latest Patch Tuesday sees Microsoft release fixes for 44 different vulnerabilities, including the much-discussed Print Spooler flaw.









*Every so often a patch goes kafluuey, in which case, you are advised to know how to undo the update.



Subject: RE: Tech: Online security issues
From: BobL
Date: 11 Aug 21 - 03:57 AM

Just out of interest, is the patched code then saved, or are the patches re-applied at every start-up?



Subject: RE: Tech: Online security issues
From: DaveRo
Date: 12 Aug 21 - 02:21 AM

'Patch' covers a variety of methods, but the effect is to change or add files to the computer. It keeps the old files for a limited period; if you undo the patch it removes the new ones and puts back the old ones.

This doesn't always work, depending on what effect the new files have had since being installed.



All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.