So with the move / switch to a new domain name, I encountered something that would seem simple enough to fix. My hosting company switched the site for me and the root domain name changed so everything was broken, i.e. the CSS and JavaScript were not loading and only unstyled text was showing. I thought (wasn’t sure at the time and was hoping for the best) that the problem was the root domain. Continue reading “How to move WordPress to new domain name”
Author: J.C. Cross
New URL
Moved site to jcberry.io
Whew!
Wizard Spider call centers
On the dark web you can buy call center services and bot armies that are amazing in scope (“hundreds of millions of dollars in assets. ..The group’s extraordinary profitability allows its leaders to invest in illicit research and development initiatives,’ the researchers say. ‘Wizard Spider is fully capable of hiring specialist talent, building new digital infrastructure, and purchasing access to advanced exploits.'”). https://www.zdnet.com/article/wizard-spider-hacking-group-hires-cold-callers-to-scare-ransomware-victims-into-paying-up
It is impressive. Wizard Spider also leverages BEC.
Funny passwords!
As a system admin you need to be on the lookout for people who make these. “[T]here were 1,862 data breaches in 2021 — a 68% increase over breaches in 2020. And, new year-over-year results indicate a fast start to data breaches in 2022, as more than 90% of data breaches are cyberattack-related.”
https://www.securitymagazine.com/articles/97518-the-20-most-common-passwords-leaked-on-the-dark-web
Pandemic depression, self-harm and suicide jumps
It’s easy to blame the pandemic for everything, but there was a 45% increase in self-injury and suicide cases among 5- to 17-year-olds in the first half of 2021. We can blame social media, and we’d be right to, but it’s not all due to that either.
Now I don’t have children, but my interactions with friends’ kids and my nephews have made me realize that there is intense need for understanding and importance in our youth at those ages. Then in college, young adults are trying to grasp their meaning and place in the world through a career. Both of these times are critical in self development–but the last thing they needed was a pandemic shutdown (imho).
https://www.morningbrew.com/daily/stories/2022/04/24/the-teen-mental-health-crisis-mystery
Mailchimp: the hack, the user education?
Took some time with 300 accounts being compromised and getting personal information through them. Used social engineering and hit client Trezor. Here a corporate policy that recommends exactly what they are hit with.
Took some planning:
“The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app,” the crypto wallet company wrote in a blogpost.”
As usual, some irony dripping off this one when compared to the recommendations on their site help:
“You received an unexpected email from Mailchimp staff or service teams. This may include forgot username emails or password reset emails you didn’t request…For an extra layer of security, we encourage you to set up two-factor authentication with SMS or a two-factor authentication app”
https://mailchimp.com/help/i-think-my-account-has-been-compromised/
Bermuda Citizen Number One
Larger than life.
At the Royal Bermuda Yacht club, Charles lifted his whisky again and let loose some blue language. Then with that twinkle in his eye flirted with my mother. He had just returned from the Arctic sailing trip with Warren “War Baby” Brown and was once again the center of attention in Hamilton.
Continue reading “Bermuda Citizen Number One”
New look
Got a new look here with my new logo and domain name. The .com and .net were taken.
Cyber recommendations for wartime
Saw these recommendations for cyber today. Organizations should be vigilant for the evergreen practices: employee training about phishing and social engineering, give only the permissions needed to users, and scan for vulns and lock down ports you don’t use. But it adds, clean up old accounts (a practice for admins) and resist trying out new security measures.
Four key cybersecurity practices during geopolitical upheaval | Malwarebytes Labs
CISA has also put out some recommendations: Shields Up | CISA
Two Realities
Been reading John Bolton’s The Room Where It Happened. I thought that Trump was reined in by the “adults in the room.” While that sometimes happened, those very same people failed in doing so in the long run.
The other reality? My relative just listened to another Trump rally today.
I don’t understand what the man is rallying for. Like my friend Gijo notes, neither Reagan nor the Bushes threw rallies after they left office. I also remember my first following politics in 1992. Bob Dole, while being unfortunately noncharismatic, was understandable and coherent. He didn’t fly off the handle, at least publicly. Trump brought vitriol and instability as he coped with a job he was unsuited for.
Is he planning a 2024 run? It seems so. There has to be a sane alternative.
Unholy Alliances
Is this biblical?
Google: Chinese state hackers target Ukraine’s government (bleepingcomputer.com)
Meanwhile elsewhere on the planet, China is expanding yet again.
https://www.navalnews.com/naval-news/2022/03/chinese-navy-growth-massive-expansion-of-important-shipyard
“Sanctions are not working”
Lindsay Addario on Firing Line with Margaret Hoover. She covered her times as a war correspondent and the losses of fellow journalists and the decimation of civilians in local communities.
Photographing the Reality of War – The New York Times (nytimes.com)
I wanted to be a photojournalist for a bit, until things just happened. It’s not glamorous (just the idea of a Pulitzer maybe). You have to love what you do.
Just getting back to writing again, as I was on a birthday “getaway.”
OK, I’m a prepper
I bought some extra water because of recent events. I know, cyberattacks may not hit infrastructure–though there are cyberattacks right now in Ukraine, reportedly Russian state actors have not yet attacked infrastructure–but that’s the extent of my prepping. Things over there have continuously escalated, with Russian attacks on civilians, so no one knows what’s going to happen.
Biden: we will “use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.”
Slightly comforting.
Biden: There is “evolving intelligence that the Russian government is exploring options for potential cyberattacks.”
The government claims to be ready, but your enterprises and SMBs may not be.
https://www.cnn.com/2022/03/22/politics/analysis-biden-warning-putin-cyberattack-us/index.html
There is something that you should be doing right now as an SMB or enterprise: MFA should no longer be optional. It’s a comparatively small measure considering what could be in way of an attack.
The government made these suggestions, which are a good summing up:
– Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
– Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors
– Back up your data and ensure you have offline backups beyond the reach of malicious actors
– Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
– Encrypt your data so it cannot be used if it is stolen
– Educate your employees to common tactics that attackers will use over email or through websites
– Work with FBI and CISA to establish relationships in advance of any cyber incidents
LokiLock ransomware
So now these crooks are using a new ransomware called LokiLock, that wipes your device. This has already happened in Ukraine and “The US government fears destructive malware could target organizations in the West in retribution for sanctions against Russia.”
‘Everyone loses’: This new ransomware threatens to wipe Windows PCs if its victims don’t pay up | ZDNet
How can you negotiate when they destroy your machine in the process? It’s clearly like NotPetya, where Ukrainian systems were attacked by Russian actors. That’s what is currently
A colleague said that he prefers the U.S. having separate agencies in lieu of a centralized authority. He’s right about centralized authority in general, but I think we need a single federal agency in this case–in the name of readiness for a war perhaps coming soon to your local water company.
Raking it in
I’ve noticed that Trump supporters are paying to see speakers like Tucker Carlson and Charlie Kirk to the tune of $20 to $5000(!) I remember my relative saying “there’s no way [Trump] lost.” So 40-odd law suits later, they still think that. There is something akin to delusions of grandeur here–but with crowd size supposedly indicating where the nation is.
Reddit emotion; Psycho-physical pain
Two mental health articles.
A Dartmouth study found that major depressive, anxiety, and bipolar disorders can be recognized by the emotions of Reddit posts; the posts can reveal an “emotional fingerprint” for a user. They didn’t examine the content, just the emotion–so the study is an incomplete look at emotional disorders in my opinion. Also, what about the bomb throwers and trolls? Online mass movements?
https://home.dartmouth.edu/news/2022/03/ai-model-detects-mental-disorders-based-web-posts
Cyber war through Anonymous
Just learning more about what Anonymous is doing. Can we cheer for them? MSNBC updated us on the events about attacks on Russian targets, but made note that this could lead to cyberwar. The NYT had the other side: there are attacks by Russian operators on Ukrainian targets. Opinion | I’ve Dealt With Foreign Cyberattacks. America Isn’t Ready for What’s Coming. – The New York Times (nytimes.com)
Ukraine is fighting back with a volunteer cyber army. What will you do when the water and power are out? There is no central agency in the U.S. Frightening.
Return
And the biggest realization from this event was:
I am not my sin.
I am too hard on myself on some things. I met so many guys who prayed for me and gave me advice. The event was such a blessing and eye-opening. I’ve made some numerous friends at Awaken Balboa, where I have been on the sidelines too long. Something was moving me to challenge myself and what a blessing it was. I won’t look back.
Off we go
Going to the Emerge men’s retreat in Campo.
EMERGE Men’s Conference 2022 – Emerge
Haven’t been camping in years! Should be fun.
Pro-Ukrainian Memes
Interesting how many people are emoting about Ukraine. The question is, how long will this last?
This reminds me of something I learned from Ken Burn’s Civil War documentary. The series spoke of how when the war first started, people were not taking it seriously; some were watching the first battles like an amusement. Years later, the gravity of the conflict was evident.
Social media has that common emotional outpouring that gives some people meaning. But hopefully these pro-Ukraine memes will prove not weary, but genuine(and lasting for democracy).