Privacy Is SUCH a 20th Century Concept

An online payment system owned by PayPal has security problems? Say it ain’t so! Millions of Venmo transactions scraped in warning over privacy settings.

“There’s truly no reason to have this API open to unauthenticated requests,” he told TechCrunch. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”

You want a Modern Tech Company™ to spend time and resources on YOUR privacy? There is no privacy. (F*c*book’s lawyer said so!)

Phishing or Comedy? You decide

A little of both. New Phishing Campaign From ‘FBI Director Wray’ is Hysterical.

This is way better than the Nigerian emails.

Many scam emails are well crafted and their associated phishing sites are spot on, but sometimes you see ones that are so ridiculous that you have no choice but to laugh.

Such is the case with a phishing email that states it’s from “officialfbidirector@usa.com”, has a subject of “Attension: Beneficiary”, and pretends to be from “FBI Director Christopher Wray”. This phishing email is not new, but someone must have restarted its campaign recently as it is starting to pop up again.

Supposedly the FBI Director is emailing you to give you 10 million dollars (and change). Yeah, that sounds reasonable.

The truly sad thing is that some percentage of people (hopefully a small percentage, but probably not 0) will think this is legit, and get pulled in.

What Happens When There Are Millions of Unpatched Mail Servers?

Well, if there’s a known vulnerability, they get hacked. Millions of Exim Mail Servers Are Currently Being Attacked.

Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines according to security researchers.

The patch was issued in February. It was raised to critical a week or so ago. People are clueless.

The only people who will find this to be “unexpected” will be “executives.”

People are all about Windows, or Mac, Android vs iOS, but the most prevalent OS running the internet is Unix, in one of its many incarnations. And Exim is one of the most popular email server packages running on Unix.

My initial post on this vulnerability is from the 9th of June.

The “Block Editor” Has Mostly Destroyed WordPress

So a bunch of people have decided that “blocks are cool.” With WordPress screaming at you about them every day, it’s hard not to knuckle under.

It used to be, you could pull up a blog, and at least see a headline and a couple of sentences for each post. Overview or introduction. Now I see a headline and a photo on several blogs. Arranged in a “beautiful grid pattern.” Or something. Next to completely useless.

And yes, I know you can make different choices re: format. But a cool grid of blocks and cool images. It must be cool, right? Wrong.

Do You Think The NSA Will Get Their Attention?

I don’t. Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708).

After Microsoft warned Windows users on two separate occasions to patch a severe security flaw known as BlueKeep, now, the US National Security Agency has echoed the OS maker’s warning in the hopes of avoiding another WannaCry-like incident.

The NSA’s alert, authored by the agency’s Central Security Service division, is about the security flaw known as BlueKeep (CVE-2019-0708).

After WannaCry (and associated ransomware) cost corporations 100s of Millions of Dollars, and was in the news for MONTHS, you would think people might get the idea that they need to update their systems. They didn’t. (You want to spend HOW much updating systems? They work just fine today!)

I haven’t seen that any exploits are in the wild, but several have been developed by white-hat hackers, and not released. Though some “suspicious” port scanning was detected almost from the moment the bug was made public. When, not if, an exploit is released, denizens of Mahogany Row will say, “This is so unexpected!”

Millions of Servers Vulnerable – Patch Issued in February

Can you spell WannaCry? Or NotPetya? Or EternalBlue? Millions of Exim Mail Servers Exposed to Local, Remote Attacks.

The patch wasn’t identified as a security issue at the time, but that knowledge has come to light. Even so, February was a long time ago, as the hacker world moves.

According to a quick Shodan search, vulnerable versions of Exim are currently running on roughly over 4,800,000 machines, with more than 588,000 servers already running the patched Exim 4.92 release.

600,000 servers have been updated (nearly). Explain to me again why you can’t update, I was laughing uncontrollably the last time you spoke.

At this point in time, if you have a system exposed to the internet and you are not patching in a timely fashion:

  1. No one, and I mean no one, is going to have sympathy for you when you get hacked, and hit with ransomware, or cryptominers.
  2. When you get hacked (and you will get hacked) management (that is Mahogany Row) should be tossed out on the street for “failure to manage.”
  3. You can’t say “critical system,” and “no resources to update” in the same breath (look up the definition of “critical.”)

Why am I not in Information Technology anymore? Because I no longer want to argue with people about why they really and truly need to update systems in a timely fashion. Even if that costs time and money. Even if they haven’t done it that way in the past. Now I just sit back and shake my head at the insanity.

The people behind the 400,000+ vulnerable servers… They have a week or so to patch, before the zero-day is exploited and they are in the same position as Baltimore, or UK’s NHS or pick your favorite poster child for the lack of security. Some of them will update, most of them won’t, and then they will cry, like Baltimore, about how this is so unexpected.

More Malvertising

And they complain about my using an ad-blocker. Google Search Ads Infiltrated Again by Tech Support Scams.

Because it would be too much damn trouble to have someone actually screening ads. Just let the algorithms handle it. What can go wrong?

A security researcher recently told BleepingComputer about a new malvertising campaign that is causing searches for the keyword “Lowes” to redirect a user to a tech support scam. As you can see below, this ad looks legitimate as it is the first item displayed on a search page and shows that its target URL is http://www.lowes.com.

When searchers click on it, though, they are brought to a site that will determine based on various conditions whether the visitor will be redirected to Lowes.com or the tech support scam shown in the video below.

And of course, it’s not just Lowe’s that is impacted.