Jared's Technology Podcast Network

Welcome to the Security box, podcast 98. This is a bit of a technical difficulty show, starting with Clubhouse having some sort of trouble, and then the software too. Despite these, the show went on. We had a chat session that talked about social media and Paypal, see the blog for Paypal. The main topic is Chinese state media propaganda found in 88% of Google, Bing news searches which we step through. If you have any questions or comments, please reach out. Thanks so much for having an interest in our show, and we'll be back next week!

Hello everyone. Breach Fatigue is probably on everyone's minds, and I think its time that we talk about it. Luckily, there's an article titled Combatting Breach Fatigue comes from Lastpass and I thought it should be talked about. Even though last week's podcast had some good content and could in some minds be non-security related, between all of that stuff and this, who could blame me for last week? Besides all of that, we will see what people have for what they want to talk about in the news notes section. All of this and other thoughts will be part of the program. Enjoy what we have for you and I hope no tyraid today. Thanks for listening!

Welcome to podcast 96 of the security box podcast series. We're going to bring back news notes for this program, and we've picked out some good stuff. Some may be on this blog, other may not be on this blog. Our main topic is going to talk about the Health Care Industry and whether it is as secure as possible. The reason why we're going to talk about it is plain and simple, there have apparently been two more attacks on the health care industry, yet, one of them is a non-profit. The article is titled Ransomware group strikes second U.S. health care system in the last two months. I bet that there will be a lot of talk on this one, even as we read the notes on this. I've got plenty more things lined up for the podcast, so please feel free to stay tuned and learn with us. Some may be a bit older, but yet worth talking about. Remember to subscribe to The Security Box list as we post items and you're welcome to discuss them on list. We thank you for listening to the program and we'll see you on another edition of the program next time!

Hello everyone, welcome to the security box, podcast 95. On this program, we're going to talk about one vulnerability that affects big internet appliances at a CVSS score of 9.8. We'll see what else comes up including some Crypto news and things posted to our list and what type of order it'll all be in. The main article we'll be covering is titled Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating which comes from Ars Technica.. Ars is probably not going to be the only one covering this, there will be others out there too. The JRN hopes you enjoy the program, and thanks for listening!

Welcome to podcast 94 of the security box. On this edition of the program, we're going to talk about emergency direct requests (EDR's) as there are now actors out there that will use Fake EDR's for getting what they want. There are two articles, both which I read. Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline Cyberscoop Fighting Fake EDRs With ‘Credit Ratings’ for Police Krebs on Security I read the Krebs article first, and some time later, I found the Cyberscoop article which was quite interesting. Besides that, we'll be seeing what others have read, although I've been working and not blogging much between podcasts. I hope that you enjoy the program as much as we are putting it together, and thanks for listening!

Welcome to the security box, podcast 93. We do cover some very interesting topics today including the recent news about our Amazon devices. blog post Besides our amazon devices, we're going to talk as well about an Antivirus program with interesting accessibility isues but also coming with a VPN that can monitor what you're doing. Maybe a problem much? Our final topic is a big huge problem which we need to be aware of. The article is titled New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware which is quite interesting and really worth the read. While it is only targeting gambling sites for now, this thing is packed full of problems and problems which can really cause you not to have a computer if you still have one. Have comments for the show? Contact details are in the program, and I hope you enjoy! This program was aired on the Independent channel on May 4, 2020 and was rebroadcasted on May 6, 2020 through Blue Streak Radio. It airs through their network on Fridays from 8 am CT until its conclusion. I hope that each and every one of you enjoy the program as much as I am bringing it to you, and next week, we've got a great topic dealing with emergency data requests. You don't want to miss it! See you all then!

Hello everyone! Welcome to the security box, and this is program 92. On this program, we're going to talk about Conti, again. The article is titled: Conti’s Ransomware Toll on the Healthcare Industry which was quite interesting when I read it. Besides that, we'll see what others found of interest through the landscape and I'll talk about some stuff as well including the Who's Who directory and updates on it. I hope that you enjoy the program as much as I have bringing it to you, and welcome Blue Streak Radio to the program. They'll air this program on Friday morning Central time. Thanks so much for having an interest on the program.

Hello folks, we're releasing two podcasts on the same day on two different set of subjects. This one, the security box. I hope you all enjoy the program, and below, please find the show notes! Hello everyone, welcome to podcast 91. We're dealing with the teenage hacker in two different articles. As I've determined, there is only one article on the advanced persistent teenager which can also be labeled APT. The first article we're covering is: A Closer Look at the LAPSUS$ Data Extortion Group which was read all the way back near the end of March. This will then lead us in to our other article The Original APT: Advanced Persistent Teenagers which was also good and in depth. I got confused by headings, but this article is only one article part long. We'll also be taking any comments and questions from the audience on Clubhouse and we'll see what else we have to offer. Make sure you check the blog for continuing article writing, we continue to post stuff although there was a lapse of posting lately, but it hasn't been that long. Thanks so much for listening and enjoy the program!

I'm looking to bring back the tech podcast after some time. On this podcast, we've got Michael in Tennessee. Here areh the notes from this program. Hello folks, welcome to the tech podcast. Its been quite awhile since we've done a tech podcast, but its appropriate seeing how the Security Box ran almost 3 and a half hours. Today on the first tech podcast since 2021, we're going to have Michael in Tennessee talking about some of the security landscape and what he's read of late. Lots to talk about and maybe there might be some solutions that people can think about here too. The program is over 1 and a half hours and I'm glad I did it this way. I'll be looking at releasing some more stuff soon! Thanks for reading, listening and finding what we have to say of value.

I thought the podcast was uploaded here, but I uploaded it to my other feed. Sorry about that folks! Here are the show notes. Hello everyone, welcome to podcast 90. On this edition of the podcast, we're going to have our main topic on Millions of Android users should delete these 11 apps after Google kicked them out of the Play Store which is an article talking about 11 different applications that we need to be aware of that may have been causing harm. I'd say that IOS users like myself should be aware of these in case these apps make it to the app store and we get messages from places to download them as well. Besides that, we'll have anything that comes from the community on things they want to talk about and I even think I can do my intros a little bit differently. I hope that you all enjoy the program and thanks for listening! If you go to the blog and you don't see it in RSS, please contact me so I can fix it quicker. Thanks.

Hello folks, I thought I uploaded the show from Thursday, sorry about that. Notes are below. Hello folks, on today's podcast, we're going to cover Explaining Spring4Shell: The Internet security disaster that wasn’t as our main topic. We will cover some of the other landscape as well as any other topics the public has to offer. Note that today's program was done on Thursday to account for an event I attended the day before. We should be able to return to a Wednesday schedule next week. Enjoy the program and thanks so much for listening!

Happy Thursday! The podcast file was created yesterday, but we're relasing now. I hope you enjoy the program and thanks for listening! The Internet is a complex thing. There are different types of internet connections, some are most common than others, but all are important. In a recent article I spotted, the connection known as Sattelite Internet was targeted apparently by Russia, but that is not confirmed. The article is titled A mysterious satellite hack has victims far beyond Ukraine. We'll also have other topics that might be of interest and we'll see what others have to say as well. Thanks so much for listening and enjoying the program!

Hello folks, welcome to podcast 87 of the security box. On this podcast, we talk about a wide range of topics, but we also talk about a three part article set dealing with SMS services that can be used to sign you, the consumer up for services that you may not even know about or even want. While the applications discussed here are potentially Android based, we need everyone to know what is out there in case something is developed for IOS or any other system you may use. Below, please find the links to the articles we are going to be taking from as part of this discussion. SMS PVA Part 1: Underground Service for Cybercriminals SMS PVA Part 2: Underground Service for Cybercriminals SMS PVA Part 3: Countries Most Impacted by Service What caught me on wanting to talk about this is the fact that the United States is affected by this, although we don't know by how much. Understand that I think everyone should be aware of what is out there, and hopefully the articles and information can give you a sense on how you can stay as safe as possible. Thanks for listening, reading and participating in this important topic.

Welcome to podcast 86. On this podcast, we'll cover Windows Update. I only have one article now instead of the two, so we'll have to see how I can get the other back. Besides that, we'll have comments from the Clubhouse room and other topics they may want to bring up. Microsoft Patch Tuesday, March 2022 Edition Krebs On Security I hope you'll enjoy the program as much as I am bringing it to you.

Today, the Security box takes a break from day to day activity although we've covered some scam type activities and even went through how I got started in this industry and how I think information can be given out successfully. We also have some tracks that play as well. The program lasts almost 3 and a half hours, and I hope you enjoy it. I even talk about why we've temporarily retired the normal theme we use for the program. Check the blog for complete details on things that may have been mentioned.

Russia is the hot topic right now, and with good reason. On this podcast, we'll talk a little bit about what we've learned, talk about the scams, recommend books and more. Here are the complete show notes for this week's podcast. Welcome to podcast 84 of the security box. This time, let's discuss Russia's involvement in pure problems. Now, they have decided to go to war, and its against Ukraine. They've been known to do DDOS attacks, ransomware attacks, spreading information that is not true or partially true or even completely false, denying many different things through the years ike the 2016 and 2020 presidential campaigns, and even more may be in the pipeline. Below, please find links to some of the recent blog posts that I've done since the war started. In no way am I linking to everything, but you need to understand what's going on so you can make the most informed decision on your needs based on what is actually happening. McDonalds apparently hacked? Russia has started going after U.S. businesses Conti supports Russia, threatens retaliation Ukrainian officials warn of new phishing attacks Russia VS Ukraine, could it affect us? Info from Kim Komando’s Weekend Newsletters The war starts with DDOS attacks against Ukraine, this is the beginning of things Russia and Ukraine, the battle has begun Cyber Security Experts weigh in on the war on Ukraine I put the link to the video last, because while informative, we know that things are changing rapidly. I put McDonalds first because it was the last we posted and most viewed on linkedin. It got a retweet in France according to a comment. What should you read? There are several books you can definitely read. Zero Day: A Novel Rogue Code: A Novel Trojan Horse: A Novel All of these books are written by Mark Russinovich , someone who works at Microsoft. To learn more about Mark, the various books he's written including those I've linked in these notes, please visit zero day the book which is his web site. All books linked from his site I've read, zero day may be more of what we're dealing with possibly right now. Some books may be available through NLS's bard and Amazon as well as Apple Books.

Hello folks, This is Jared here, and its time for another Security Box. In this almost three hour program, we cover the olden days of Spam and what someone was seeing during our live program. Besides that, we've got Trick Bot and Sim Swapping as our two main topics. Here are the show notes with links, and we'll be back on another show! Hello folks, welcome to podcast 83. Let's start with something that came to my attention on Monday. Let's recap a little bit about Sim Swapping. This actually came up on Monday when someone who comes to assist me was saying to me that someone they knew had their phone cloned. They told me that T-Mobile, the company they were with, told them the phone was cloned. As we know, T-Mobile was breached, and I don't know about you, but I definitely don't trust them. Remember the following? Are you a T-Mobile customer? Better pay attention to this Are you a T-mobile customer? Better read this one Another t-mobile breach, the 4th in several years Remember too, that Podcast 47 covered this in news notes and comments came in too. So there is plenty I covered. Please also read SIM swap scam from Wikipedia. As our main topic, I want to catch people up on what is going on with Trick Bot. The article TrickBot developers continue to refine the malware's sneakiness and power from Cyberscoop will be used in this discussion. The public on Clubhouse got in to a Spam discussion with one talking about the spam messages they were getting. While educational, we did some good laughs in this program and we thank everyone for participating on clubhouse's platform. Tunes were also played during the program. We thank you so much for listening and make it a great day!

I ended up falling sick, sorry for the delayed release of Wednesdays program. I'll be fine and have already started the process of getting medicated. This past Wednesday, we had several people on Clubhouse and we talked about Windows Update and a bunch of other stuff too. Here are the show notes. Hello everyone! Welcome to podcast 82 of the Security Box. This week, we'll catch up on Windows Update, and we will also cover a lot of other stuff from the blog as well. We'll also see what else the listenership and participents in Clubhouse want to talk about. What happened in Windows Update? Our good buddy Brian Krebs from Krebs on Security has the full details. Microsoft Patch Tuesday, February 2022 Edition is the article. Lots of linked material that we links to some CVE numbers if you're interested.

Title: Fake Investor does not go away, Fake investor is back and still the same Hello folks, welcome to podcast 81 of the Security Box! It seems like its time for an update on a very interesting character isn't it? Its time for another update on the fake investor we've covered since podcast 10. I know that I've linked somewhere on the blog all of the podcasts we've covered John Bernard, and this is going to be one of those podcasts. What has he done lately? This article titled Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams from Krebs on Security has the entire details on what he has been up to now and a reminder of his past. Besides all of this, we'll step through the news that has been posted to the TSB list as well as on our blog. We also had a new person come in and aask some stuff they've heard and we debunk the myths and facts of everything. Want to subscribe to the Security Box discussion list? We'll post stuff we're reading, you can discuss it with us, and even post your own stuff too. Here is a link to the Security Box discussion list hosted through 986themix. Just put your email address and name if you wish, and hit that subscribe button. Follow any email instructions you get. Just subscribing will not get you on by default. Confirmations last about 3 days. I hope you enjoy the program as much as I am bringing it to you! Its going to be a great show.

Welcome to podcast 80 of the Security box. On this edition, let's talk about Wordpress. While it is a good platform for people to use for web sites and even blogging as I do, it can come with risks we need to be aware of. Part of those risks include keeping it up to date and of course the plug ins you install. A lot of plugins can be found through the install section of your plug ins management facility, but you can also install plugins manually. The article we're going to cover today comes to us from Ars Technica and was sent by our godd friend, Michael. Supply chain attack used legitimate WordPress add-ons to backdoor sites is the article. I hope that you find the discussion of interest, and if you saw the write up, you found it of value. We'll also touch on other things blogged as well as ask any audience members what they learned and/or read during our discussion today. Remember, you can always contact me through the tech blog or even through the show's contact info as well. Thanks so much for listening, and make it a great day!

Welcome to the security box, podcast 79. I probably am not surprised really about what we're going to talk about, and it was talked about on Throwback Saturday Night's security segment. Now, we're going to take our time on it, because I feel we need to. What are we talking about you might ask? Toronto lab finds security vulnerabilities, censorship framework in Olympic app is an article talking about the olympics and a new app the IOC basically says is completely safe to use. Researchers are saying differently, and one major problem that two of us see brings this to full circle. I'd like to thank DJ Terry of The Mix for calling and asking about this after he heard very little on his news channel. With the games so close away now, this is the perfect time for someone to take advantage and do something they think is a good idea to do in their mind. Thanks for listening whether live or through the podcast or replay, and we'll catch up with you very soon!

The Security box, podcast 78: Windows Update includes a Wormable Flaw Welcome to podcast 78 of the Security Box. As we do typically on the podcast, we spend some time catching people up on what has been going on in Redmond, Washington with Windows Update. We've only got one article, however, News of the week for January 14th has the other article. ‘Wormable’ Flaw Leads January 2022 Patch Tuesday comes to us from Krebs on Security, and it covers this huge problem and others across Redmond and others too. Please feel free to send your messages, topics and the like for consideration. Thanks for listening!

I realized I said podcast 75 at some point in my audio, this is podcast 77. Too late for me to change it however. Below is the notations which include a link to today's program. We return to a Wednesday schedule next week. Hello folks, welcome to the security box, podcast 77. Google fixes nightmare Android bug that stopped user from calling 911 is our main topic of today's program, but I also cover other tech and other odds and ends too. We did have one guest available to chat with us, and we thank them for coming. We hope you enjoy the program and the few tracks at the end, and thanks so much for listening!

Welcome to the Security box, podcast 76. On this podcast, we're going to talk about advertisers who are sucking up student data, even though legal action was taken. We'll also have comments and news items from the public if any, maybe some other topics if it turns in to one, and we'll see what else comes up. Topic Advertisers are sucking up student data, even after legal action, researchers say Cyberscoop

Besides the hour plus discussion we had, we've got music too for the holiday. Hope you have a happy holiday season. No TSB next week unless something breaks, see you in 2022! Welcome to the Security Box, podcast 75. On this edition of the podcast, come with me as we do a little predicting for 2022 with a Trend Micro article titled Pushing Forward: Key Takeaways From Trend Micro’s Security Predictions for 2022. We'll also have thoughts on recent news read, and its been decided that the full news notes segment will be no more in favor of topics that need discussion. This doesn't mean that we won't cover news, but we'll cover it a little differently. Topic Pushing Forward: Key Takeaways From Trend Micro’s Security Predictions for 2022 Trend Micro

Hello folks, This is still developing and there are more articles than listed here. We'll provide the show notes as is, and check the blog and future podcasts for more. Thanks so much for listening! Welcome to the Security Box, podcast 74. On this podcast, something breaking this week called Log4j. We'll break down three different articles that talk about this. Instead of me doing news notes, we'll ask listeners if they have any thoughts on what they have read. There may be questions, comments and other topics not mentioned here for you to enjoy too. Topic Log4J CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices Cyberscoop CISA to brief critical infrastructure companies about urgent new Log4j vulnerability Cyberscoop Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited Trend Micro

Hello folks, welcome to the security box, podcast 73. On this podcast, plenty of news notes and a very interesting topic dealing with AT&T and appliances that are made to bridge the gap between the ISP and the managing of phone calls, conference video systems and similar real-time applications. We hope that you'll enjoy the program and thanks for listening! Topic Business customers need to be aware if they use AT&T products of potential malware. Thousands of AT&T customers in the US infected by new data-stealing malware Ars Technica News Notes Here are the links to News Notes. Some may be blogged already through the blog, so see if there is something that interests you. There are two articles here talking about the same thing. This is a very interesting story about a guy that worked for Ubiquiti until he was recently arrested. Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” from Krebs on Security and Former Ubiquiti employee charged with stealing data, extorting employer from Cyberscoop are the two articles. They both are similar, but both worth the read. US hacker jailed for role in multimillion-dollar SIM swapping campaign Tech Crunch Is the UK government’s new IoT cybersecurity bill fit for purpose? Tech Crunch Ransomware attack on Planned Parenthood steals data of 400,000 patients Ars Technica Emails show what happened before Missouri gov. falsely called journalist a “hacker” Ars Technica Please enjoy the program and thanks so much for listening.

Welcome to the security box, podcast 72. On this program, we're going to play with Linux a little bit as we discuss a vulnerability in the way it works as it can cause DNS cache poisoning. We'll also have news, notes, commentary and more if people have things they want to share. Our Linux Vulnerability Linux has a serious security problem that once again enables DNS cache poisoning Ars Technica News Notes The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back Krebs On Security Tech CEO Pleads to Wire Fraud in IP Address Scheme Krebs On Security SMS About Bank Fraud as a Pretext for Voice Phishing Krebs On Security Ransomware gang targeting schools, hospitals reinvents itself to avoid scrutiny Cyberscoop Apple sues NSO Group, spyware vendor known for helping governments hack critics Cyberscoop More may be on the blog, thanks so much for listening and participating!

Welcome to the Security box, podcast 71. On this podcast, we're going to cover things we did not cover last podcast including windows update and a very interesting report dealing with the threat trends for November 2021. We'll have news notes and plenty of it too. Hope you enjoy the show! Patch Tuesday Microsoft Patch Tuesday, November 2021 Edition Krebs On Security November Continues Streak of Quiet Patch Tuesdays Trend Micro Threat trends and intelligence report new-quarterly-threat-trends-intelligence-report-available Phishlabs News Notes Below, please find the links for the news items that are going to be talked about for this week. We may have blog posts on some of these, so make sure you check out the blog for complete details on things and maybe you'll find something you want to comment on. The US closes Huawei loophole, will no longer grant exceptions for ISPs Ars Technica More than 1,000 Android phones found infected by creepy new spyware Ars Technica Malware downloaded from PyPI 41,000 times was surprisingly stealthy Ars Technica US charges Ukrainian and Russian nationals over ransomware attacks Ars Technica US says Iran-backed hackers are now targeting organizations with ransomware Tech Crunch Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating Ars Technica I hope you enjoy the program, we'll have more news notes and another great program next time. Thanks for listening!

Hello folks, better late than never. We have a full open forum show for TSB for this week. While only two of us in the room, we cover quite a bit of various things. See you next week!

Welcome to the security box, podcast 69. On this edition of the podcast, we turn our attention to another story, bullying over the telephone lines. We have some news, notes and commentary as well, but the bulk of this program is to think about what might go on these lines whether it is one you are on now, or one you've been on. Thanks for listening!

Welcome to the Security Box, podcast 68. On this edition of the program, let's talk about social media and phone line issues as it relates to cyberbullying and other related topics. We'll also have news, notes and more. Social Media discussion In a very interesting turn of events, I wasn't necessarily going to put anything in to this section because I was going to do a full vocal discussion. But when I saw my own digest on my blog, I saw a very interesting post dealing with Social Media and other things related that I'll link here. I'll still do vocal talk with no notations, but this post is worth bringing up. , Don’t miss what’s happening People on Twitter are not the first to know. The Technology blog and Podcast's Shaun Everiss News Notes Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 Krebs On Security 'Cyber event' knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak Cyberscoop A Russian-speaking ransomware gang says it hacked the National Rifle Association Cyberscoop We hope you enjoy the program, and thanks for listening!

Welcome to Week 4 of NCSAM. This week, we're going to cover protecting your children online. Notations are taken from a presentation I heard about the topic, and I've summarized it to tell possibly some stories that may be similar to something you've heard or seen. We'll also have news, notes and other comments as the program gets started. Protecting Our Children online Protecting your kids online. Including topics like grooming, cyberbullying and more. News Notes The following are some of the items that have been read within the past week. Feel free to read the ones that are of interest to you. FBI, others crush REvil using ransomware gang’s favorite tactic against it Ars Technica PurpleFox Adds New Backdoor That Uses WebSockets Trend Micro Sinclair Broadcast Group suffers ransomware attack, the latest affecting media Cyberscoop Candy corn producer says ransomware incident 'not likely' to sour Halloween supplies Cyberscoop Conti Ransom Gang Starts Selling Access to Victims Krebs On Security I'll try and blog some of this older news we've got, so stay tuned. Hope you enjoy the show!

Welcome to the Security Box, podcast 66. Is 66 a lucky number? T-Mobile and Verizon are in the news with Spam messages, AT&T is in the mix as well in passing, Google is getting in the mix with two-factor authentication on more accounts, as well as news, notes and more. Topics Verizon subscribers are the target of a phishing expedition; do not respond to this text message Phone Arena T-Mobile customers are receiving spam texts possibly related to August's data breach Phone Arena NCSAM Google will enable two-step verification by default on 150 million accounts before year's end Phone Arena News Notes read from around the landscape The following are links to stories that have been read from across the landscape. In October, we do news notes live so that you, the listener, can get a benefit of this being a discussion. If you like the way this is being done, please let us know and I may do it full time. How Coinbase Phishers Steal One-Time Passwords Krebs On Security Some versions of Android share users' personal data with no chance to opt-out Phone Arena US gov’t will slap contractors with civil lawsuits for hiding breaches Ars Technica Millionaire Twitch streamers react to their leaked earnings Ars Technica Hope you all enjoy the program, and thanks for listening!

A few technical issues, but what is a show without those? In this 3 hour episode, we've got quite a lot for you, so sit back and check out the links to the following items for your perusal. Welcome to the Security Box, podcast 65. On this podcast, let's discuss an article we read after the release of last week's program in regards to Twitch and their recent breach we were alerted to during the live taping of the program. After that, we're going to cover more NCSAM and even have some news notes. We'll do news notes the same as we did last week, as it turned in to a lively discussion. I hope you'll enjoy the program, and thanks so much for listening! Breach topics Stolen Twitch source code, creator payment data revealed in apparent data leak Cyberscoop Trolls defaced Twitch's website with pictures of Jeff Bezos, the latest security concern Cyberscoop NCSAM: Scam apps Hundreds of scam apps hit over 10 million Android devices Ars Technica News Notes read from around the landscape Electronic Frontier Foundation will deprecate HTTPS Everywhere plugin Ars Technica Company that routes SMS for all major US carriers was hacked for five years Ars Technica Former TD Bank, Bank of America employee allegedly helped email scammers launder money Cyberscoop Suspected Chinese hackers masqueraded as Indian government to send COVID-19 phishing emails Cyberscoop

NCSAM is now in full swing, this week, Are You Cyber Smart? A Checklist from Lastpass will be what you need to look at with 5 great tips and things that might be of interest to you. In my writeup of this, I talked about the Neiman Marcus breach and how people should be aware of it even if they aren't affected. We'll have news, notes and more. Hope you'll enjoy the show! News Notes Police raid in Ukraine results in arrests of 2 alleged ransomware hackers Cyberscoop The Rise of One-Time Password Interception Bots Krebs On Security Thanks so much for reading and participating in the show!

Welcome to podcast number 63 of the Security Box series. On this podcast, come and learn about the password trends of 2021, thanks to lastpass's article. Next, a 5.9 million dollar ransomware paid by a farming co-op and a very interesting discussion I heard recently about this. We'll definitely have some news and notes from around the landscape, and even some commentary from any guests that participated through Clubhouse on the live program as well as anyone else through email, imessage and other contact points. Topics New Report: 2021 Psychology of Passwords Lastpass $5.9 million ransomware attack on farming co-op may cause food shortage Ars Technica ">Phone scammers use COVID-19 vaccine appointments to try tricking victims into downloading malware Cyberscoop Nation-state espionage group breaches Alaska Department of Health Ars Technica Hackers are using CAPTCHA techniques to scam email users Cyberscoop Apple users warned: Clicking this attachment will take over your macOS Ars Technica Thanks so much for listening to today's program, and we'll be back for a month of NCSAM. Enjoy!

Welcome to the Security box, program number 62.  On this program, we're going to cover Windows Update as well as a very interesting article from Krebs about a new botnet that seems to have done quite a bit of damage.  It is an IOT botnet called Meris.  We'll also have news, notes and lots more. Windows Update There are the usual two articles on Windows Update.  This time, Krebs has quite a bit on these updates while Trend Micro covers the highlights but also gives some info of value too.  They're both good for their reasons, so read them both. Microsoft Patch Tuesday, September 2021 Edition Krebs on Security September Patch Tuesday: 66 Bulletins, Only 3 Critical Trend Micro Meris There is one article which we're taking from for this one, but did you listen to podcast 836? KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” Krebs On Security News Notes Security researchers at Wiz discover another major Azure vulnerability Ars Technica Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware  Ars Technica Trial Ends in Guilty Verdict for DDoS-for-Hire Boss Krebs On Security Customer Care Giant TTEC Hit By Ransomware Krebs On Security I hope you enjoy the program and thanks so much for listening!

Scott Schober is on Clubhouse, and he invited me over to his club which talks about cyber security topics. Here is a link to his Cyber Security club where members can join the conversation. The discussion started with whether we've gotten the vaccine or not, whether restaurants and other places are collecting that data let alone securely, and more. I decided to join the stage and while I applauded the conversation about covid-19 vaccines, what aout other problems we're still dealing with lik the open databases problem? Take a listen to this, and let's discuss whether I'm right, or whether we need to be concerned about this. I'll have more talks soon. Scott Schober's web site

Welcome to the Security Box, podcast 61.  On this podcast, let's discuss the updates on CSAM as it pertains to Apple.  We'll have news, notes and more.   Topics Under fire from privacy advocates, Apple delays controversial photo scanning plan Cyberscoop News Notes “FudCo” Spam Empire Tied to Pakistani Software Firm Krebs On Security 15-Year-Old Malware Proxy Network VIP72 Goes Dark Krebs on Security Microsoft: Attackers Exploiting Windows Zero-Day Flaw Krebs on Security IRS used vape store receipts to gather evidence against alleged Ukrainian scammer Cyberscoop

The Security box, podcast 60: The Security Landscape as a whole from broadcasting software and web site services to T-Mobile's Fiasco What has changed on the security landscape? We learn about T-Mobile's recent failure, and even web sites are braught up as well as broadcasting software among other things. This turned out to be a very interesting show. What do you think has changed? What have we done wrong? What do you think it'll take to fix it if it can be fixed at all? No news notes this week, but they'll be back next week.

Hello folks, welcome to the Security box, podcast 59. On this edition of the program we have two different prerecorded segments for you. First, we interview Scott Schober of Berkeley Varitronics Systems, Inc. He's written various books which we talk about, as well as some of what is going on in the security landscape. Next, we have a talk that was done by Phishlabs, who did the Quarter 2 Phishing Trends report. To top it all off, we'll have news and notes from around the landscape as well as questions and comments after each segment if any. > BV Systems Scott's Web Site new-quarterly-threat-trends-intelligence-report-now-available Phishlabs News Notes from around the web FBI warns that Hive ransomware hackers are calling victims by phone Cyberscoop What the Norton-Avast Merger Means for Cybersecurity Trend Micro FCC proposes record $5 million robocall fine for voter suppression scam Cyberscoop Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack Cyberscoop Microsoft Azure vulnerability exposed thousands of cloud databases Cyberscoop Scammers impersonate Europol chief in an effort to defraud Belgians Cyberscoop Thanks for listening!

The Security Box, podcast 58: What's the matter with T-mobile? Why are system failures on the rise? News Notes and More Hello Everyone, welcome to the Security Box, podcast 58. Question: what the hell is going on with T-Mobile and their inconsistancies of containing breaches and lying about what they were going to do when they were granted the murger with Sprint? Who is ENISA and why are they saying that system failures are on the rise? Finally, what is the Chaos Ransomware and why could it have impacts beyond a proof of concept? We explore all of these topics, as well as news and notes from around the landscape on this edition of the podcast. Fasten your seatbelts! T-Mobile Here are the articles read that deal with T-Mobile to date. We're still learning more and nothing is very clear yet. The investigation continues. T-Mobile apparently lied to government to get Sprint merger approval, ruling says Ars Technica Hackers who breached T-Mobile stole personal data for ~49 million accounts Ars Technica T-Mobile investigates potentially massive breach of consumer data Cyberscoop T-Mobile Investigating Claims of Massive Data Breach Krebs On Security T-Mobile: Breach Exposed SSN/DOB of 40M+ People Krebs On Security T-Mobile confirms breach of more than 8 million customers' data Cyberscoop Other Topics Chaos Ransomware: A Proof of Concept With Potentially Dangerous Applications Trend Micro ENISA says System Failure is on the Rise Trend Micro News Notes from around the landscape New York man sentenced to 3 years for stealing students' nude photos after hacking their accounts Cyberscoop Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer Cyberscoop Ohio man pleads guilty to role in $300-million cryptocurrency laundering service Cyberscoop Japan's Tokio Marine is the latest insurer to be victimized by ransomware Cyberscoop Mandiant, CISA urge ThroughTrek customers to fix software bug in millions of baby monitors, cameras Cyberscoop End of notes

Originally released on August 11th, we found out that I put it up in download form but not RSS. Sorry about that! Welcome to the security box, podcast 56. Two comments will start us off as someone commented on the replay of our show from last week. Both are good comments worth bringing up. Next, we've got a topic that might be of interest talking about the lifecycle of a breached database. Next, let's find out how the government is doing with their Cyber Security. What did the senate report find? Find out in our second topic. We'll have news notes and commentary as well. Topics The Life Cycle of a Breached Database Krebs on Security Federal agencies are failing to protect sensitive data, Senate report finds from Cyberscoop and The State Department and 3 other US agencies earn a D for cybersecurity from Ars Technica go hand in hand. Both articles are good, but ars has a very interesting table and other stuff too. News Notes read from around the landscape Google Play Protect fails Android security tests once more Bleeping Computer A US official explains why the White House decided not to ban ransomware payments Cyberscoop Cyberattack knocks Italian vaccine registration portal offline Cyberscoop Facebook stops NYU researchers from examining misinformation, is criticized for 'silencing' transparency efforts Cyberscoop Suspected Chinese hackers took advantage of Microsoft Exchange vulnerability to steal call records Cyberscoop Criminals are using call centers to spread ransomware in a crafty scheme Cyberscoop There is more news, but this is some of what we've read throughout the past week. I'll be blogging some more news, and of course, the list will have plenty more. End of program

Welcome to the security box, podcast 57. We have three topics for you today, and I hope that you will enjoy them. The first topic for this podcast will be talking about the name game of the ransomware gangs we have out there. The second topic which was totally forgotten is of course Windows Update and what is happening with that operating system. Finally, probably the most contravercial topic we have to date, Apple and how they're handling the images that people may have that are backed up in to icloud that deal with children and the potential of abusive images of a sexual nature. We will also have news notes and commentary as well, buckle up as you don't know what'll happen with these topics! The program may contain adult content, and listener disgression is advised. Topics Ransomware Gangs and the Name Game Distraction Krebs On Security Windows Update August Patch Tuesday: A Quiet Month for Microsoft Trend Micro Microsoft Patch Tuesday, August 2021 Edition Krebs On Security Apple says it will refuse gov’t demands to expand photo-scanning beyond CSAM Ars Technica News and Notes from around the landscape The following are items that will be linked here and discussed in news notes for this week. There may be items that are not article related that may not be shown here in the notes. Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants Cyberscoop Phishing Sites Targeting Scammers and Thieves Krebs On Security Four years after FBI shut it down, AlphaBay dark web marketplace claims it's back in business Cyberscoop European police round up 23 suspected scammers accused of $1.2 million fraud Cyberscoop Two members of QQAAZZ, which laundered funds from cybercrime, plead guilty Cyberscoop Detecting PrintNightmare Exploit Attempts using Trend Micro Vision One and Cloud One Trend Micro Hospitals hamstrung by ransomware are turning away patients Ars Technica There may be more, please check out our blog and email list for more. Thanks for reading and listening to our show!

Welcome to the security box, podcast 55. On this edition of the podcast we've got two Sans News Bites headlines, topics including a very interesting story on someone named "PlugwalkJoe" I.E. Joseph O'Connor, a topic on a new ransomware gang called Black Matter, and we've also got several news items including one that isn't an article but intrigued me when listening to the TWIT network. All of this plus anyone who had questions, comments or took part in the discussion, as podcast 55 gets started. Topics Here are the topics for today. PlugwalkJoe Does the Perp Walk Krebs on Security Threat intel firms suggest ransomware gang 'BlackMatter' has ties to DarkSide, REvil hackers Cyberscoop Sans News Bites These are the Sans Newsletters that have been read. Links to them are also on the blog. Sans News Bites July 27, 2021 Vol. 23, Num. 058 Sans Institute Sans News bites for July 30, 2021 Sans Institute News Notes read from the web Software downloaded 30,000 times from PyPI ransacked developers’ machines Ars Technica Feds list the top 30 most exploited vulnerabilities. Many are years old Ars Technica New bank-fraud malware called Vultur infects thousands of devices Ars Technica FTC's right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers Cyberscoop End of program

Hello Everyone! Welcome to podcast 54 of the Security Box. On this edition of the program, learn about Windows 11, the latest Microsoft operating system and what scammers are doing to monitize even while this version is still in beta. Next, come with us and learn about the latest in the average ransomware payments as it looks like they are declining, for now. We'll have news, notes, hopefully calls with questions or discussion throughout. If you want to leave feedback and you're listening through the podcast, call 602-887-5198 or email, imessage, whats app, or text your thoughts. The lines of communication are given throughout and I welcome what you have to say. Topics Here are the topics for today's program. Scammers are using fake Microsoft 11 installers to spread malware Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says Cyberscoop Sans News Bites Here are links to Sans News Bites, a newsletter by Sans Institute. While we may cover some of the items in these newsletters, you should read these to determine if something affects you. Sans News Bites for June 20, 2021 Sans News Bites Sans News bites for July 23, 2021 Sans Institute News that have been read from around the web The following is news that have been read from arount the web. Some may be blogged, some may not have been blogged. Serial Swatter Who Caused Death Gets Five Years in Prison Krebs on Security Spam Kingpin Peter Levashov Gets Time Served Krebs On Security Dutch police bust alleged 'Fraud Family' phishing service members Cyberscoop Kaseya obtains decryption key for victims of massive ransomware attack Cyberscoop An explosive spyware report shows limits of iOS, Android security Ars Technica We hope you enjoy the program as much as we have bringing it together for you!

Hello everyone, welcome to the security box, podcast 53. On this edition, we'll be talking about some of the things that articles talk about in regards to Windows Update that came out the week of July 16, 2021. Seems like we had good success with last week where we opened the phone lines for others to participate in an open forum, so we'll do that again and see what happens and if people participate or not. You can always comment after the fact by calling our voice mail line at 602-887-5198 and letting me know you want your comments aired. We'll also have some news notes and maybe a discussion on those as well. Windows Update Here are the articles that deal with Windows Update. One is by Trend Micro and one is done by Brian Krebs from Krebs on Security. July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems Trend Micro Microsoft Patch Tuesday, July 2021 Edition Krebs on Security Sans News bites Sans News bites for July 15, 2021 Sans Institute News Notes from around the web > REvil ransomware gang sites go dark, for reasons that remain unclear Cyberscoop Senate confirms former White House, NSA official Jen Easterly as CISA director after delay Cyberscoop Facebook catches Iranian spies catfishing US military targets Ars Technica Morgan Stanley discloses data breach that resulted from Accellion FTA hacks Ars Technica day gave Chinese hackers privileged access to customer servers Hackers IDed Ars Technica

Welcome to the security box, podcast 52. On this podcast, let's talk about the water supply hacks and the growing threat of them through the help of an interesting article by Last Pass. After that, we'll see if people partook in an open forum of topics they want to talk about and of course news, notes and highlights from the landscape that have been read. Topic: The Water Supply and the landscape The Growing Threat of Water Supply Hacks Trend Micro News Notes Below, find links to items that are of interest we've read from around the landscape. Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax Krebs on Security 25 bogus Google Play store apps promised to mine cryptocurrency for a fee, scamming wannabe investors Cyberscoop Malware spammers aim to leverage Kaseya ransomware drama in email campaign Cyberscoop Report: iCloud+ Private Relay could spell the end of iOS ad fingerprinting But it isn't perfect imore.com

Hello folks, welcome to the security box, podcast 51. On this edition of the program, we continue with Phishlabs and their q1 Phishing and intellegence report talking about Top Level Domains and certificate abuse. Next, Michael in Tennessee sent me an article talking about one email which exposed hundreds of email addresses. We'll also have news and notes, people can call and comment as usual, and we'll see where the show takes us. Topics Breaking Down Phishing Site TLDs and Certificate Abuse in Q1 Phishlabs An email sent by One Medical exposed hundreds of customers’ email addresses Tech Crunch News Notes International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators Cyberscoop Another 0-Day Looms for Many Western Digital Users Krebs on Security DOJ files 7 new charges against alleged Capital One hacker Tech Crunch US hits anti-robocall milestone but annoying calls won’t stop any time soon Ars Technica Kaseya hit with suspected cyberattack, raising fears of major supply chain incident Cyberscoop Chinese hackers suspected of using Dropbox to snoop on Afghan officials Cyberscoop We Infiltrated a Counterfeit Check Ring! Now What? Krebs On Security We hope you enjoy the program!