Dimentech

Personalized computer service. Specializing in network design for small businesses and homes. Reseller for Carbonite backup and Sonicwall firewalls.

01/23/2025

Never give out bank account numbers, or respond to text messages saying you owe money. This article about residents in Hampton NH is just a small example of the scams that are happening.

In the last 13 months, Hampton residents lost nearly a million dollars through phone, email, text, and social media scams, many involving crypto.

12/18/2024

Tis the season for phishing :-(

December 18, 2024 3 Comments Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from g...

09/26/2024

Beware of timeshare scams

September 25, 2024 3 Comments The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to a...

09/24/2024

I learned a new scam term today: quishing
Scammers replace QR codes with fake ones. It's sad, but you can't rely on the info you find on parking meters or EV chargers. You need to already know the legitimate way to pay. Just like you can't rely on website URLs or phone numbers in emails, you can't rely on the stickers you see.

Fake QR codes direct EV drivers to a malicious site when all they want is to charge their car.

05/13/2024

Beware phishing related to PayPal accounts

Estate helped hundreds of cybercriminals make automated calls aimed at stealing account passcodes, according to its leaked database.

04/17/2024

Putty ECDSA p521 keys compromised

https://nvd.nist.gov/vuln/detail/CVE-2024-31497

Includes FileZilla, WinScp, etc.

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

04/15/2024

If you use a smart doorlock from Chirp Systems, it's vulnerable to anyone being able to unlock/lock the door. These are used by a lot of apartment buildings, so you might not have the ability to fix the problem. If you own one, replace it.

April 15, 2024 3 Comments The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was firs...

03/30/2024

BOOSTING this security notice

TL:DR - If you have a public facing SSH server, lock it down to allow access only from known trusted IPs. Then read the next TL:DR and apply patches if you have them available.

This is MS-ISAC ADVISORY NUMBER: 2024-033

From FAQ https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 :

If you're running a publicly accessible sshd, then you are - as a rule of thumb for those not wanting to read the rest here - likely vulnerable.

If you aren't, it is unknown for now, but you should update as quickly as possible because investigations are continuing.

TL:DR:

Using a .deb or .rpm based distro with glibc and xz-5.6.0 or xz-5.6.1:
Using systemd on publicly accessible ssh: update RIGHT NOW NOW NOW
Otherwise: update RIGHT NOW NOW but prioritize the former
Using another type of distribution:
With glibc and xz-5.6.0 or xz-5.6.1: update RIGHT NOW, but prioritize the above.

Discussion and additional links: https://news.ycombinator.com/item?id=39865810 (specifically https://boehs.org/node/everything-i-know-about-the-xz-backdoor gives the full history unearthed so far... this stretches back to 2022 starting with gaining the XZ maintainer's trust and slowly adding components of an exploit)

Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveries

03/29/2024

A good article on Thread Hijacking, another way scammers get you to fall for their scams.

March 28, 2024 1 Comment Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a...

03/26/2024

Apple devices being phished with password resets. Don't be a victim. Apple will NOT call you saying they wish to help.

March 26, 2024 3 Comments Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent t...

08/25/2023

This is why I prefer hardware keys such as YubiKeys from yubico.com or an authenticator app. Using SMS text messaging is very insecure.

https://krebsonsecurity.com/2023/08/kroll-employee-sim-swapped-for-crypto-investor-data/

August 25, 2023 2 Comments Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indi...

07/18/2023

From the sans.org mailing list:

Incidence of USB Drives as Initial Attack Vector on the Rise
(July 11, 13, & 17, 2023)

According to Mandiant, the number of attacks using USB drives as the initial vector of intrusion has increased significantly over the first six months of 2023. In a blog post, Mandiant describes two attack campaigns that used USB drives as the initial vector of attack: SOGU and SNOWYDRIVE. SOGU has been used in attacks targeting both public and private organizations across sectors; SNOWYDRIVE has been used in attacks against the oil and gas industries in Asia.

Editor's Note

[Neely]
Time to remind folks about being wary of USB drives bearing gifts, because, yes, it's still a thing. Consider media kiosks for transferring any information from "foreign" USB (or other media) to trusted media. Make sure you're monitoring USB use and that your EDR is not ignoring malware using them as a delivery mechanism.

[Dukes]
With today’s connectivity, cloud access, and collaboration platforms, the need for USB drives has plummeted. But perhaps in certain regions of the world, they forego these more modern means and continue to use USB drives. The bottom line: miscreants will use whatever means available to compromise hosts.

[Frost]
We had been asked to do pe*******on testing work using USB drops recently. I guess this is something that is happening more frequently again. Is it because people are moving around and returning to work environments?

https://www.bleepingcomputer.com/news/security/usb-drive-malware-attacks-spiking-again-in-first-half-of-2023/

What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023

Address

PO Box 305
Warner, NH
03278

Website

https://dimentech.com/

Alerts

Be the first to know and let us send you an email when Dimentech posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Dimentech:

Shortcuts

Want your business to be the top-listed Computer & Electronics Service in Warner?