Newsletter Archives

  • Gravatar data leak

    You may have seen in the news that the site that provides the icons/images for this site and other WordPress based sites has been involved in a breach. But as I read it, it’s not really a breach, but rather sloppy coding.

    Nothing breached. Someone found Gravatar is using sequential IDs with a JSON-based API, which means they can very easily get your publicly available data. Slightly easier than scraping the page. But nothing has leaked, everything that was/is available came under a notice that Gravatar would make those details publicly available. Nothing has leaked, just perhaps Gravatar shouldn’t have made it so easy to get details.

    That said, take the time during this holiday season to review your passwords and especially stop reusing passwords. One of the best proactive things you can do this holiday season is to make yourself a big mug of hot chocolate, sit down in front of your computer or iPad and review the passwords on ALL of your sites. Ensure that you change passwords to much longer and stronger versions of what you are currently using. Do not reuse passwords over and over again on different web sites, as all it takes is an attacker to gain access to one password in an account and the attacker will attempt to reuse it on other accounts. Even if you don’t reuse passwords over and over again, if you haven’t changed passwords in a while, it’s wise to update and revise them. Next look to see if you can add multi-factor authentication on sensitive accounts such as banking as well as email. Review your options for setting up multi-factor. Often you can set up services to trust a browser you use all the time and to send multi-factor prompts when you – or an attacker – tries to log in from a new location.

    Action items for 2022: Choose better passwords and add multi-factor wherever you can.

  • You are being investigated

    A female friend of my Dad (he’s 93) called tonight and relayed to him that she got a call from someone indicating that she was under investigation and that as part of the process she needed to buy and provide them the codes from gift cards.  The scammers were able to get $1,000 out of her before she finally realized that something was wrong.

    Please warn anyone that you interact with and talk to that NO ONE asks anyone for gift card numbers. No one is calling from the IRS, the Social Security, or any other agency to ask for payment via gift cards.

    Don’t fall for this, and warn anyone you know not to fall for this either.

  • Small business Saturday

    Here at Askwoody.com we’re a small business. So in the United States we have a tradition of supporting local small businesses on “Small Business Saturday”.  So rather than ordering from that smile box retailer, spend your funds tomorrow at a local business!

    What are you doing to support Small Business Saturday in your city or town?

    If you do online shopping this year, follow the guidance from the Australian Cyber Security Centre, which has some tips for you. Shop online on a device that is up to date with its patches – especially your browser.

  • Thanks to our subscribers

    Ransomware warning – the holiday season is the time for attacks

    As we enter the American Thanksgiving time, everyone at AskWoody would like to wish you a happy and healthy holiday season … unless you are an attacker.

    And if you are an attacker, we wish you clumps in your turkey gravy and coal in your Christmas stocking.

    The Cybersecurity and Infrastructure Security Agency (CISA) reminds us not to let our guard down.

    Just recently Edge added the “Super Duper secure mode” to their stable channel. (I wrote about this a bit back). Always review your settings in your browser to ensure it’s as secure as you can be and when in doubt, don’t click. Sometimes picking up the phone or using an alternative method to get the information you need is wiser.

    For home users, be extra careful of scams. Gift cards are not always the greatest gift to give someone. Just ask my Dad who had to buy his own Ruth’s Chris steak house dinner when the gift card we bought him was already used by someone else. Buy from the stores directly, not from the card hanging up at the aisle in your grocery or convenience store.  Of course, I think a perfect gift idea is a subscription to the AskWoody newsletter, but I’m very biased.

    Stay safe this holiday season and click carefully.

  • Kape Technologies, formerly Crossrider, now owns 4 top VPNs

    PUBLIC DEFENDER

    By Brian Livingston

    A holding company with a controversial history — Kape Technologies — announced this month that it had purchased a leading virtual private network, ExpressVPN, adding it to a collection of three other major VPN companies that Kape acquired in 2017 through 2019.

    This concentration of VPN services has raised concerns.

    Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).

  • Firewalls don’t stop dragons

    Are you familiar with the podcast “Firewalls don’t stop dragons“?

    This week’s episode is about online advertising and about how you are the product.

    Every time you load a web page, your personal data is being shared with thousands of companies. The ad spaces on the page are being auctioned off to the highest bidder in fractions of a second. The Irish Council for Civil Liberties calls this the biggest data breach in history, and is suing the ad tech companies on your behalf to stop this needlessly invasive and dangerous practice. My guest Johnny Ryan will explain how this real-time bidding process works and has insider documentation on the types of extremely personal data that’s being shared in order to target those ads to you.

     

    Have a listen!

  • Kaseya VSA has been hit with a ransomware attack

    https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/

    “We are monitoring a REvil ‘supply chain’ attack outbreak, which seems to stem from a malicious Kaseya update. REvil binary C:\Windows\mpsvc.dll is side-loaded into a legit Microsoft Defender copy, copied into C:\Windows\MsMpEng.exe to run the encryption from a legit process.”

    This is not good for those who rely on consultants who then use common tools. Kaseya is the name of a company that provides various tools for consultants to remotely access and manage networks for their customers.

    Consumer/Home user impact: You don’t use Kaseya VSA so you are safe.

    Small business impact/Consultant impact:  So far it looks like it’s only 4 MSPs that Huntresslabs are tracking, but you may want to check your networks to be safe.
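
    For the "check your networks" step, the sketch below is an added example (not code from this post or from Huntress) that flags the two file placements named in the quote above. It assumes image-load records exported as `time|host|process image|loaded module`; that layout, the host names and the sample records are constructed for illustration.

```python
import ntpath

# Directories where a genuine Defender install keeps MsMpEng.exe and MpSvc.dll.
DEFENDER_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)
# File names from the quoted report that should only appear in those directories.
WATCHED = {"msmpeng.exe", "mpsvc.dll"}

# Constructed sample records (assumed layout): time|host|process image|loaded module
SAMPLE_EVENTS = r"""
2021-07-02T16:31:05Z|WS-014|C:\Program Files\Windows Defender\MsMpEng.exe|C:\Program Files\Windows Defender\MpSvc.dll
2021-07-02T16:32:40Z|SRV-02|C:\Windows\MsMpEng.exe|C:\Windows\mpsvc.dll
2021-07-02T16:33:02Z|WS-020|C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe|C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpSvc.dll
2021-07-02T16:34:11Z|WS-031|C:\Windows\System32\svchost.exe|C:\Windows\System32\kernel32.dll
""".strip().splitlines()


def in_defender_dir(path):
    """True if the file sits in (or below) a known Defender directory."""
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return any(folder == d or folder.startswith(d + "\\") for d in DEFENDER_DIRS)


def misplaced(path):
    """True for a watched Defender file name found outside Defender's directories."""
    return ntpath.basename(path).lower() in WATCHED and not in_defender_dir(path)


def scan(lines):
    """Return (host, time, [misplaced paths]) for every record worth a look."""
    findings = []
    for line in lines:
        parts = line.split("|")
        if len(parts) != 4:
            continue  # skip malformed records instead of guessing at fields
        when, host, image, module = parts
        hits = [p for p in (image, module) if misplaced(p)]
        if hits:
            findings.append((host, when, hits))
    return findings


if __name__ == "__main__":
    for host, when, hits in scan(SAMPLE_EVENTS):
        print(f"{when} {host}: Defender binary outside its install path: {hits}")
```

    A hit means a file with Defender's name is sitting where Defender does not install it, which is what the side-loading described in the quote produces; isolate the machine and investigate it.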

  • Got a Western Digital NAS?

    I just told a coworker to unplug his WD mycloud/mybook devices.  We have another zero day for the Western Digital line up.

    Brian Krebs has the details.

    I’m going back to plain old external hard drives as the backup media of choice these days.

  • Got a Western Digital My book?

    Dan Goodin on Twitter says:

    Western Digital is advising customers to disconnect their My Book storage devices while the company investigates the mass wiping of data from devices all over the world.
    See more here

  • Norton 360 adds crypto mining

    Once upon a time we all bought IBM 8088 computers. To that we all added the yellow box better known as Norton antivirus.

    Over time we moved away from Norton to various other antivirus platforms to where it’s no longer the de facto antivirus we all use.

    Now Norton 360 will be adding crypto mining to its antivirus suite.

    Let me just say that I don’t think this is a good idea.  One of the ways you know a system isn’t doing well is when you experience slow downs, and other issues. This would just mask one of the ways we can tell if something is wrong with our systems.

    Sorry, yellow box, I’m going to pass.

    So? What do you think?

  • Dell computers put at risk

    So today’s headline that I wrote above is one that I see too often. It gets you to be worried about something that I honestly don’t think attackers will use as a means to attack us.

    Here’s the background (thanks to reader RougeSec58 for the links):

    Dell support article

    Reddit thread with N-Able script to remove it.

    So the other day I read this twitter post….

    Due to the introduction of Driver Signature Enforcement & Kernel Patch Protection, it’s become increasingly rare for attackers to create and execute #Windows rootkits.

    All of these firmware/rootkit headlines make me ponder… gee… why is it that attackers use phishing lures so much? Because that’s the low hanging fruit. It’s not easy to attack us to go after Spectre style attacks. I see this Dell issue in the same way. It’s way easier to get us with phishing lures and click baits than it is with these sort of attacks.

    “there is no evidence at this time that its flaws have been exploited in the wild.”

    Just because there is a possibility of attack doesn’t mean it is probable that it’s being attacked.

    As always, feel free to disagree with me and educate me that I’m in the wrong. That’s what security is all about anyway ….weighing the risks and trying to determine if THAT is going to get me or if it’s just headlines to make me worry.

  • Inside tech support scams

    My Dad spotted this article in the latest AARP bulletin:

    Inside an International Tech-Support Scam (aarp.org)

    It’s an interesting read.

    As he says… “What’s the ultimate solution to this growing fraud menace? Realistically, it will require a mix of tough law enforcement, tighter regulations and increased education to warn consumers of these evil practices.”

    Just a reminder, if you have any stories or tips you can send them to Brian Livingston, Public Defender as scams and tricks are what he loves to investigate best.