Kronos HR Management Platform hit by Ransomware

Kronos hit with ransomware, warns of data breach and 'several week' outage

The HR management platform has already informed major customers, like the city government of Cleveland, about the attack.

Krono's software is used by many major corporations and local governments.  Among it's many clients, Tesla, City of Cleveland, hospitals and universities including Clemson, Temple and Winthrop University Hospital.  The clients use Kronos work management software.

The ransomware attack has compromised employee information including names, addresses and social security numbers.

Worst of all is the outage is going to cause many to miss payroll this week.  Not a pleasant thing during the holiday season.

https://www.zdnet.com/article/hr-platform-kronos-brought-down-by-ransomware-attack-ukg-warns-of-data-breach/?ftag=TREc64629f&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D&eh=%7B%24CF_emailHash%7D

These researchers wanted to test cloud security. They were shocked by what they found.

Cybersecurity researchers set up a tempting cloud honeypot to examine how cyber attackers work.

Cloud computing has become ubiquitous in business today.  The problem is the same lax password requirements and slack security is being utilized by many of the companies.  Recently cybersecurity experts at Palo Alto Networks set up a honeypot of 320 entry points around the world.  A "honeypot" is similar to a sacrificial lamb and is meant to attract cybercriminals.

The honeypot was designed with weak passwords used default passwords that was shipped from factory, info readily available online.  The honeypot was made up of common remote services, misconfigured to attract malicious actors.

And it wasn't long before cyber criminals discovered the honeypot and looked to exploit it -- some of the sites were compromised in minutes while 80% of the 320 honeypots were compromised within 24 hours. All of them had been compromised within a week. 

"The speed of vulnerability management is usually measured in days or months. The fact that attackers could find and compromise our honeypots in minutes was shocking. This research demonstrates the risk of insecurely exposed services," said Jay Chen, principal cloud security researcher at Palo Alto Networks. 

https://www.zdnet.com/article/these-researchers-wanted-to-test-cloud-security-they-were-shocked-by-what-they-found/

Intel 11th Generation based Workstations by Driving Force

Tech Giants Microsoft, Amazon and Others Warn of Widespread Software Flaw

This new flaw is called Log4Shell and it allows an attacker to gain entry into servers and computer systems without a password.  Within 12 hours of the Log4Shell exploit being found, hackers were already exploiting the vulnerability online.  Cybersecurity researchers say they have seen thousands of attempts to exploit the bug.

Online Gaming sites are being exploited and any Cloud software entity is at risk.  Amazon, Twitter and Cisco Systems are all working to protect users and study the threat against their systems.

Hackers started exploiting the recent flaw early Friday to gain access to servers running Microsoft’s  Minecraft gaming software.  Security experts noticed the flaw being exploited in Minecraft when players utilize chat features.  A few lines of text passed among players can penetrate the defenses of a targeted computer.  The text is part of Log4J and open source java based logging utility.

Soon they observed widespread scanning and attempts to trigger the Log4j bug across the internet. In a note published Friday, Microsoft advised Minecraft users to upgrade their software to patch the bug.

IBM's RedHat and Oracle's VMware are deploying patches.  The flaw allows attackers to convert computer's log files (files that track a computer's activities) into malicious instructions forcing the machine to download software.  Once this has happened an attacker has access to a victim's network.

Be aware that the threat is against all Internet entities and the problem is that each individual enterprise will have to patch their servers and systems.  Some companies have already begun patching systems but this is not a coordinated simultaneous fix so some users will be at risks longer.

Roblox a popular gaming platform was mentioned on the news this a.m.

Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.

“The internet’s on fire right now,” Adam Meyers told AP News. “People are scrambling to patch and all kinds of people scrambling to exploit it.”  Meyers is the senior vice president of intelligence at Crowdstrike, a cybersecurity company monitoring the Log4Shell hack. 

https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/

Because the bug is easy to exploit and attacks hard to block, the Log4j problem could be used by hackers to break into corporate networks for years to come, said Aaron Portnoy, principal scientist with the security firm Randori. “It is one of the most significant vulnerabilities that I’ve seen in a long time,” he said.

https://www.wsj.com/articles/tech-giants-microsoft-amazon-and-others-warn-of-widespread-software-flaw-11639260827?mod=hp_lead_pos10

DForce 11th Generation Intel unlocked Beasts!

Over a Million WordPress sites Hacked and Chip Shortage-Sky High Video cards prices - Crypto Mining

Over a million WordPress sites breached

UPDATED: WordPress site owners hosted by GoDaddy have had their data exposed -- for months.

https://www.zdnet.com/article/over-a-million-godaddy-managed-wordpress-sites-cracked/

and my experience Crypto Mining

Alleged Chip Shortage and how to become a Crypto Millionaire or not.

The chip shortages affecting automobile production and computer pricing has been in the news lately.  We've been told lots of stories about the cause whether it's supply chain issue or pandemic related.  The chips related to auto manufacturing are supposedly low profit margin and the chip makers are not thrilled about gearing up capacity to supply the auto makers.  Ford is building a plant to make their own chips in the future.  Tesla seems to be the only auto manufacturer not affected.  I'm sure Elon Musk had already incorporated chip manufacturing in the company SOP.

Computer chips have steadily crept upward in prices, especially memory.  The computers Driving Force builds are 99% for business and don't require dedicated Graphics cards for business/cloud applications.

I recently built a new monster PC for myself so I could install/test Windows 11.  At the time there were no video cards available so I had to use an older Nvidia 750 ti card.  I thought Gamers were eating up the available supply of video cards causing shortages and steep prices.  I tried searching for video cards with at least 4GB, preferably 6 GB of memory and they are sold out everywhere.. Best Buy for example.  In addition, the price has doubled at least.  In July of 2019, I bought a NVidia 1650/4 GB Ram for $149.99 at Micro Center.

Today the same card will cost you at least $319 at Newegg, up to $390 for the same chipset.

and those are not the most expensive cards either, see below.

As I said above, I thought it was gamers causing the video cards to be scarce and the chip shortage but I was wrong.  If you watch the stock market you know Nvidia and AMD stocks are some of the hottest ones to have.  Both companies make GPUs, Graphic Processing Units and are experiencing no chip shortage.  

The demand behind their products is Crypto Mining.  That's right, GPUs are more efficient at processing crypto transactions (mining) than computer CPUs.  I've a couple of SOL (Solana) mining machines running full time at my office, one is employing the Nvidia 1650 in my main machine and the other miner is a 3rd generation Intel Core i5 processor.  I had my monster AMD Ryzen 9 mining but the strain mining placed on the CPU was too high.  It affected performance significantly as well as generated a lot of heat from the processor.  I didn't want to risk the investment in my new AMD Ryzen 9 Windows 11 machine, mining is not lucrative enough with my present setup.

However, with the right video cards and enough of them one could make a lot of money mining.  That is why so many countries and even towns in certain US states have outlawed crypto mining.

As of today  12/3/21 at 6:30 a.m. EST, since 11/29/21 11:45 a.m.  I have mined almost $2 ($1.85 to be exact) of Solana, LOL.

There has been some down time.  My initial rig was my AMD machine,  I took it offline and established my main computer with the Nvidia 1650 as a miner.  (BTW, since I don't game I don't see much performance degradation using the GPU rather than the CPU), and yesterday I added a second miner using the old Intel Core i5 computer that plods along in another room happily mining.

So there you have it.  Why there is a chip shortage, 

1. Chip manufacturers want to build GPUs, not low profit margin auto chips (now even Intel is developing a graphics chip).
2. GPUs in high demand by Crypto miners.

and that's my story, I'm sticking to it.

I will follow up with another article soon about my mining software and how to build your own mining rig. Also hopefully an update on extreme earnings if I can acquire the right video (GPU) card.  I want to try an ETH Ethereum miner, BTW, Solana which is currently at $236/coin is an Ethereum based alt coin.