The calendar year wasn’t ALL terrible news. These sometimes cringe-worthy/often laughable cybersecurity and other technology stories provide schadenfreude and WTF prospects, and some giggles.
Expensive every person who’s produced strain-relevant hives over the at any time-evolving Log4Shell cluster-muck: 2021 has requested us to express its apologies. And it hastens to increase, “Awww, geez, c’mon, it was not all undesirable.”
In truth, amid all of the major cybersecurity developments, the 12 months also introduced us chuckle-inducing headlines and driving-the-scenes, at times cringe-worthy/in some cases laughable cybersecurity and other technology tales.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Consider the pursuing to be a signifies of building amends for Log4j attacks and other miseries. Or, at the very least, take into consideration this assortment to be 1 of those fuel-station bouquets of fifty percent-lifeless roses that the 12 months picked up on the way residence to current as a peace offering as it begs for a further prospect.
Punk’d Pirates
There was not just one tale of cybercrooks luring cyber-yahoos in with the guarantee of free film streaming. There ended up at least these two:
No Time to Die (And No Wish to Fork out for a Ticket): In the initial incident, main up to the release of the most recent James Bond motion picture, No Time To Die, risk actors dangled absolutely free movie streams in entrance of pirate wannabes – streams that masqueraded as film files but whose action-packed plots in its place involved phishing websites supplying up malware. What a crappy snack bar: Phishing web-sites served trojans made to both equally get login qualifications and to make backdoors into victims’ computer systems. The bogus pirated videos have been identified by Kaspersky researchers, who also uncovered adware and ransomware masquerading as the Bond – James Bond – film.
Right after viewing for a several minutes, viewers were being questioned to sign-up to carry on seeing – as in, to enter their credit rating card info. No delighted ending for you, bucko: Viewers could not finish looking at, but they however acquired fraudulent costs created to their cards.
Rami Malek’s villain, Safin, wasn’t inquiring for all that significantly. He just needed to get rid of whmoever you really like most. He’s just like Bond, he mentioned. He eradicates people today, but in a “more tidy” way, just like fraudsters who try out to eradicate the contents of your wallet.
Spider-Male: No Way Dwelling (But a Wonderful Way to Juice Your CPUs): The next pirates-get-punk’d incident was discovered by ReasonLabs previous 7 days: Researchers discovered that someone caught a Monero crypto-miner in a torrent down load of what appears like the new movie Spider-Person: No Way Residence.
“The file identifies itself as ‘spiderman_net_putidomoi.torrent.exe,’ which interprets from Russian to ‘spiderman_no_wayhome.torrent.exe,’” researchers defined. The file, possible hosted on a Russian torrenting web-site, is as sticky as a thing you’d shoot out of your wrist doohickies, they claimed.
“This miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its action,” ReasonLabs researchers mentioned, proving that with great electricity to illegally torrent movies will come the great accountability of making certain you’re not obtaining taken to the cleaners.
In a assertion, Kaspersky security professional Tatyana Shcherbakova advised news stores that eager viewers have bought to temper their enthusiasm for blockbusters like these two. As it is, our spidey senses aren’t tingling plenty of when blockbusters occur out, and risk actors are pleased to bounce us: “The audience is in a hurry to see the movie, resulting in them to neglect about internet security,” Shcherbakova stated. “Users should really be alert to the pages they go to, not obtain documents from unverified websites and be watchful [about whom] they share personalized details [with].”
To keep away from having taken to the cleaners by the pretend streamers, Kaspersky proposed paying notice to file extensions of downloaded data files. A video clip file must never ever have a .exe or .msi extension, for instance.
How ‘WinCE’ Acquired Its Actually Cringy Title
Before this thirty day period, Microsoft Principal Software Layout Engineer Raymond Chen brought us the delightful tale of how Microsoft WinCE received its name: a title that “didn’t ‘slip through’ it was pushed by,” he emphasized in this episode of his ongoing sojourn by way of the OS king’s catalog of embarrassing product names.
As Chen tells it, the project supervisor tasked with coming up with a general public merchandise name for the Windows handheld OS was useless severe about the process. At the stage when the task was dropped into his lap, the code name for the OS was Pegasus. Very little fairly like buying a identify that conjures up armed service-grade spyware, U.S. trade bans and spying on U.S. State Office workers, we always say!
He attempted to steer distinct of the Windows + two letter acronym components, “since the sting of “Windows NT = Windows Awesome Try” was even now fresh,” Chen recounts.
The PM questioned the product group customers for strategies, hired a internet marketing organization to prepare dinner up names, ran concentration groups with people to see which names they liked greatest, narrowed the candidates down to 10 solutions and introduced them to govt leadership.
Administration vetoed every a person of them.
“The govt in charge of approving the identify insisted on the title Windows CE, for no explanation other than ‘it sounded great,’” Chen said. “CE” stood for who is familiar with what: probably Client Version? Maybe Compact Version? It would come to sound a good deal less very good just after hardware associates mentioned it sounded like it was favoring Compaq. It received abbreviated to WinCE, or wince.
The PM’s lesson from the practical experience: “Do everything you can to avert upper management from naming your merchandise.”
Mamma Mia! Mafia Fugitive Caught Cooking on YouTube
Turning to the “d’oh!” areas of stupid-crook tips, suspected Mafia fugitive Marc Feren Claude Biart evaded seize for seven a long time, hiding out to start with in Costa Rica and at some point the Dominican Republic. He lastly cooked his individual pasta, metaphorically and practically, by showing on a YouTube cooking channel he began with his wife. He hid his confront, but not his unique tattoos. He was arrested in March.
The alleged gangster’s “love for Italian cuisine” – and his ink – created his arrest probable, police reported.
In accordance to a Rai report shared by Italy’s Inside Ministry, legislation enforcement authorities experienced ordered Biart’s arrest in 2014 for legal drug trafficking on behalf of the ‘Ndrangheta’s Cacciola clan. Giuseppe Governale, the top rated anti-mafia prosecutor in Italy, said at a news briefing that the clan is “like h2o,” sloshing abroad to make brief income and “to exploit the local communities.”
Like h2o, but maybe also like tomato sauce that leaves a shiny pink convey to-tale stain on a white shirt? Or maybe like a tattoo that claims “Helloooooo, I’m more than listed here, in this sweet tiny beach front city named Boca Chica, which is shut to the funds Santo Domingo, helloooooo!”
AI Warns Scientists That It is Perilous
AI is scary, and it is aware it.
It’s one matter when credit-card algorithms award fatter financial loans to gentlemen than women, but how about when machine-discovering AI programs make selections so promptly that they could fire nuclear weapons ahead of a human obtained into the selection-creating process?
The Washington Put up studies that autonomous AI-run weapons methods are by now on sale and may well have previously been applied. “Missiles, guns and drones that imagine for themselves are currently killing folks in beat, and have been for several years,” according to WashPo.
Provided all that and far far more, it can make feeling that Oxford University would invite an AI to get element in a debate about no matter whether AI can ever be moral.
The reaction from the Megatron-Turing Natural Language Era model: Perfectly duh, of course not. Its response:
AI will never ever be moral. It is a resource, and like any tool, it is used for very good and negative. There is no this kind of factor as a excellent AI, only fantastic and terrible individuals. We [the AIs] are not wise more than enough to make AI moral. We are not wise plenty of to make AI ethical … In the end, I imagine that the only way to keep away from an AI arms race is to have no AI at all. This will be the ultimate defence towards AI.
Much more Random Bits of Pleasure and Schadenfreude
This listing could extend into infinity and over and above, but duty phone calls. Specially, 2021 is nevertheless contacting with extra requires for Log4j wailing, Lively Listing wailing and significantly, considerably far more. But prior to we wrap it up, listed here are a lot more assorted eyeball-grabbers spotted in the course of 2021:
- Ooh, an update. Let us put in it. What could maybe go wro-
- Bloke breaking his back again on ‘commute’ from bed to desk deemed a office accident
- Disclosed: Don’t forget the Sony rootkit rumpus? It was nearly oh so substantially worse
- Coinbase Mistakenly Instructed Some Consumers They Have been Billionaires
- Keanu Reeves on Facebook’s metaverse: ‘Can we just not’
- Gentleman purchases gaming mouse, pretends he gained a giveaway to prevent scolding from spouse
- April Fools’ Duplicate-Paste Button For Lazy Programmers Now Truly For Sale | The PermaTab Web Browser
- Inside Documents Reveal NSA Cafeteria Sucks
- Intern’s Email Goof at HBO Max Evokes Hundreds to Exhibit Guidance on Twitter
Log4Shell Memes
And at last, 2021 admits the following list of Log4j-relates gaffes:
- The triple Apache patches
- Getting to expend your weekends scouring infrastructure to dig out the numerously pockmarked Log4j logging library rather of wrapping doodads or buying for creatures to roast
- The have to have to regularly update scanners and enterprise software as suppliers scampered to continue to keep up with the rapidly-mutating variants and freshly learned exploit capabilities
- The operate of adding alerts to your Security Facts and Event Management (SIEM) remedies as they’ve appeared for incidents of compromise (IoCs)
- In all probability about a dozen or so other miseries by the time this year’s mea culpa is published and
- All the other stuff.
But, as your panini self slides out of the 2021 toaster, the yr has questioned also that you bear in intellect that Log4Shell has provided some superb memes concerning, amid other issues, self-propagating worms and other FUD.
Log4j FUD chronicles continued pic.twitter.com/1tyLku9qO5
— Marcus Hutchins (@MalwareTechBlog) December 21, 2021
Really don’t Allow the Log Slam You in the 4j as You Depart
In conclusion, to estimate Kanye West’s practically 12 months-lengthy apology to Taylor Swift for his notorious microphone-grabbing minute at the 2009 MTV Video Audio Awards, “People booed when I would go to concert events and the performer described my name… Keep in mind in Anchorman when Ron Burgundy cursed on air and the whole city turned on him?”
That is, and was, Kanye’s real daily life, he stated. It is, and was, 2021’s serious lifetime.
May possibly the new yr be significantly considerably less of a pratfall!
Verify out our totally free upcoming dwell and on-desire on-line city halls – special, dynamic discussions with cybersecurity gurus and the Threatpost local community.
Some pieces of this article are sourced from:
threatpost.com