Atlanta hit by ransomware attack

This is actually [indirectly] courtesy of the US Government’s NSA, from a few years ago. They actually created the code that exploits Microsoft Servers that face the internet directly.

“It’s been almost a week since the City of Atlanta was hit by a ransomware attack, which encrypted city data and led to the shutdown of some services.
Mayor Keisha Lance Bottoms said in a press conference Monday that the city’s government is working on recovering the network after ransom notes appeared on computer displays on Thursday afternoon. The city has hired local cybersecurity firm SecureWorks to assess the situation.

Reports say the notorious SamSam ransomware was used in the Atlanta attack, which exploits a deserialization vulnerability in Java-based servers. Details of the attack remain largely unknown, but an early investigation may have identified who is behind the attack, said SecureWorks chief executive Michael Cote. Almost a million dollars has been reaped from other businesses that were infected and paid the ransom. It’s not known if Atlanta will pay the ransom.”

Article here.

Blocked Countries by WordFence

“China is in the lead” … of blocked countries. My humble website is constantly being sniffed at from the outside. To me it makes no sense on the surface – I have no confidential data or business secrets whatsoever. I do not do eCommerce or any business transactions for that matter. I do not even make poor stock market predictions!

But it makes sense to the potential intruders. These are likely bots just doing recon, searching for WordPress, plugin or theme weaknesses and other possible pots of gold. Thankfully, I am fully invested in “WordFence”, an outstanding WordPress firewall.

Equifax Breach or Hack

This is the only link [the first one, below] or site that matters when it comes to the Equifax hack. There are many phishing websites disguising themselves, and reports are coming in that hoax or fake emails are popping into Inboxes. Use caution. ONLY go through Equifax, seeing as they are the ones who caused the mess. As they likely already have your identity, and then lost it via a hack, you may as well follow the steps off the link below to get yourself courtesy identity theft protection for a few years [that is their penance].

I would even emphasize that you should not take my [or anyone’s] word for it, and double check on Equifax’s website yourself.

Cross reference with the FTC:

This is a wonderful overview of the “Darknet” and the Tor browser.

Darknet 101: Your guide to the badlands of the internet

“Hacked login details. Cybersecurity exploits for hire. Drugs, guns and ammo. If there’s something shady going on online, chances are it’s happening on the darknet.”

Read it Here

Thousands of Hacked Home Routers are Attacking WordPress Sites


Fascinating blog from WordFence, one of the best WordPress firewalls out there. They uncovered attacks coming from various countries and regions. The target is home networks. There is a router vulnerability called “Misfortune Cookie” [really] that is being exploited. It appears many home routers are hacked with this vulnerability and they in turn launch attacks. The tricky part here is that the launched attacks are actually small per home router, so detection is difficult.

The really weird thing is that the IPs are coming from all over the place, but attacks from Algeria [!] are increasing dramatically.

Read the WordFence Blog here

Ukraine In The House

There are hundreds and hundreds of these WordFence Firewall entries on Riguy.Com. I blocked some IPs here and there; that will work for a while. I wonder what these nice people from Ukraine would ever want with my most humble of web sites? Regardless, thanks WordFence [awesome security plugin]!





Windows Security, UAC

Security settings for Windows 10 are very important! In the Control Panel, or via an “Ask Me Anything” search [Cortana – just type ‘Security’], you can find System and Security. The Firewall, antivirus/spam protection, and Internet Security [Edge + IE Browser] are certainly must-haves.

But also required should be User Account Control (UAC) Settings. Although these may involve an extra click or 2 when certain functions are started or Windows Apps opened, it is WELL WORTH IT. A simple additional prompt asking you to verify whether you want to make a change can save you loss of your identity or money, or a complete system crash. What happens if your PC, laptop or tablet is secretly taken over by a group of hackers? Well, they would have to force UAC off or try to install small software to handle their nefarious goals, but you can stop them if a prompt occurs out of nowhere [in which case, run your Antivirus or Malwarebytes quickly!].

Why take chances? It is best to have all of these services active. Think of all of these settings as insurance, but it’s free.



Wordfence WordPress Security Plugin

WordPress is so ubiquitous these days on the web, but hopefully more developers will keep up with the security needs of their sites or at least delegate to someone to maintain after their site is built.

This ‘Wordfence’ security plugin is very impressive. It can do a site scan, block IPs or countries [China, anyone?], and give a live screen of current connections. It does much more as well, especially if the free version is upgraded to the paid version.

It has over 1 million installs as of September, 2015. There is a reason for that – even the free tools are very useful and can provide a fair amount of security. I recently installed this plugin on ‘Riguy’ and it is exactly what is needed for a security blanket.


Critical Windows Security Flaw and Fix Released

Microsoft has disclosed a critical Windows security flaw and released a fix for it. By critical, I mean they went outside of their normally rigid ‘patch Tuesday’ [twice a month] schedule and released this fix on-the-fly, so to speak.

From Mashable:
“The flaw is in the way the Windows Adobe Type Manager Library handles OpenType fonts. In practical terms, if someone running Windows visits a website that contains embedded OpenType fonts or a specially crafted document, an attacker could execute code on his or her computer.

“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in a security bulletin.”

The Windows update tool in modern Windows OS can handle this.

Critical Windows Security Flaw + Fix Article

D-Link Wireless Camera FTP Storage

We had a few break-ins in the neighborhood recently so I decided to set up an outdoor surveillance camera. But I needed to upload motion detected videos to an FTP type of site. So I had to provide for video file storage for an outdoor WiFi based security IP camera. I will use a D-Link video camera and a cloud based location to store the videos. As this is for home use, there is no server. I used to have servers at home, but nowadays, I work off Azure or other Cloud based companies and it is no longer needed or feasible: the server is cloud-based. Besides, home servers are too loud, although when I had them at home, they were pretty nifty ;>

Anyway – here are the home Surveillance Video Project specifics!


Silverlight Frozen on Microsoft Site!

I had the strange experience of Silverlight, a piece of … Microsoft software, completely freeze while on a Microsoft site [Azure Portal]. The message informed me that ‘Protection’ mode was there to defend me so I was not allowed to enter, or something similar. Gee, thanks!

I love the idea of protection, but shouldn’t Microsoft know that its own services are safe? In addition, why is Microsoft locking my page up completely? I was not able to click the “Allow” button. What a tease! Even “Don’t Allow” was frozen.

I even tried the trick of cascading all pages to see if there was a secret hidden pop up box or page. No go. Or should it (not) know about its own safety? Ok, what do I know? Silverlight is an ‘add on’ to Internet Explorer, a Microsoft product and in fact is now firmly intertwined with Windows 8.

So, to be more concise: I am working on Azure SQL. I try to get into the Azure or SQL Manager to practice some queries on my new database, but I encounter the following, which you may not be able to verify through the ethernet, but I assure you it is frozen stiff.


Regardless, the only way to ‘solve’ the Silverlight screen freeze, is –

1) End the IE process via hard close within Task Manager

2) Completely disable Internet Explorer Protected Mode [restart of IE needed]. Go into IE Options, then Security tab, then remove all 4 checkboxes to Internet, Local Intranet, Trusted, and Restricted Sites or zones.

Not much help, but you can try downloading the latest Silverlight version: Silverlight page. I already had the latest so I resorted to the 2 steps above.

To me, it is ludicrous that Microsoft Internet Explorer PROTECTED MODE needs to be disabled in order to get a MICROSOFT PRODUCT to work.

France Faces Intense Cyberattacks

“France faces 19,000 cyberattacks since terror rampage”

Hackers have targeted about 19,000 French websites since a rampage by Islamic extremists left 20 dead last week, France’s cyberdefense official said Thursday, as the president tried to calm the nation’s inflamed religious tensions.

France is on edge since last week’s attacks, which began Jan. 7 at the offices of the satirical newspaper Charlie Hebdo. The paper, repeatedly threatened for its caricatures of the Muslim Prophet Muhammad, was burying several of its slain staff members Thursday.

Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, some carried out by well-known Islamic hacker groups.

Paid Lizard Squad DDoS Service is Down

It appears the ‘Lizard Squad’ DDoS ‘service’ is already out of business. The sleazy service was relatively new and caused outrage on the Internet due to its, uh, illegal activity: basically it would bombard websites until they could no longer reply to other requests (HTTP), i.e. people would get a ‘page cannot be displayed’ type of message during said bombardment.

DDoS is not new at all, but the Lizard Losers actually set up a business via Paypal or Bitcoin, where one could pay them online for periodic outages of chosen websites. So, they monetized illegal internet activity. They also set up an impressive website. And, to add insult to injury, there is a YouTube video demo of sorts. Check it at the ‘Engadget’ link below. It’s very interesting.

Their service did not last too long, but look for more of this in the coming months or years …

Engadget Article here