Security – Page 15 – Scriptingthewhy.com

Modding Minecraft & You

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Mining myself a whole new world.
Photo by Alexander Kovalev, please support by following @pexel.com

Just when you thought your children were building a harmless digital landscape for themselves comes an upload of new problems. Hackers have been changing the attack vector landscape for themselves which could have your bank account seeing a lot of red.

It has been well known by now, even if you have been living underneath a 1970 Volvo station wagon, that the game “Minecraft” has been the focus for hackers over the past couple of years. The last major event was Log4j, a vulnerability exploit that set the internet ablaze for a few weeks.

A thing we would like to see is how much of a problem this will be and whether it will continue in the foreseeable future. Like normal, we’ll be looking at what the attack is, who used or created it, its functions and effects upon its release, and some ways you could keep safe.

Hebert, there’s a new script and you might want to read this one because we need to talk about Kevin.
Photo by Yan Krukau, please support by following @pexel.com

The Attack

This is no secret by now that hackers have been using Minecraft as a place to commit their nefarious deeds. The latest of their information-stealing malware/spyware is being called “Fractureiser”.

If you’re unfamiliar with mods and modding we’ll quickly explain, there are some cases where a game is good, but it could be better, this is where independent developers or bored developers put together some code and add it to sections of the game. Like in Skyrim, there was a mod to have Tony Starks Iron Man armor.

It’s a grey area when it comes to knowing if modding is legal in the gaming industry because there are some games that can get banned from servers but to keep things simple, remember not to mod games where you must play with a community.

Tim: They mentioned my Iron Man mod.
Sarah: Shut up Tim, that means they’re on to us.
Photo by Tima Miroshnichenko, please support by following @pexel.com

Who Can It Be Now

At the moment no one has been named, neither group or individual responsible for the creation or use of the malware but threat actors have been using platforms like CurseForge and Bukkit as attack vectors for the malware.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

You see that line of code right there. I didn’t write that.
Photo by Christina Morillo, please support by following @pexel.com

Sinking Feeling

Fractureiser’s functionality has been reported by Bleeping Computer, breaking it down into four stages of the attack. In the beginning, stage, when a mod is uploaded, it’s hijacked and injected with malicious code into the main class of the given project.

This attack is taking place in the Java programming language, just know Java is popular and used everywhere. The main class is a section of the code that holds what the program is going to execute. The program is overwritten and connected to a URL (Uniform Resource Locator) that downloads a file unique to the operating system (OS).

Afterward, another connection is made where the malware captures the user’s IP address and reports it back to the command and control (C2C) server. The malware then connects the same IP address to port 8083 for it to download another file and save it to the machine’s OS. The possible effects of having your information collected could be endless as it could be used by the threat actor to purchase loans and other things in your name or can be sold to other interested parties.

This all takes place while you are building your world in Minecraft. Just when you thought you were being the crafty one.

Modding is at your own risk.
Photo by Nadin Sh, please support by following @pexel.com

The Prevention

Outside of you crafting your way to new beginnings, it seems like this will continue to be a problem in the future because hackers are coming up with new ways to onboard malware to your machine.

An inconvenience for having this on your machine is the reinstallation of the OS which could wipe out everything if not frequently saved via an external drive. The best way to keep your machine and your wallet safe is to keep from adding modifications to the game since there could be malicious files or code injected into the uploaded package.

Well played Scriptingthewhy…we’ll meet again.
Photo by Tima Miroshnichenko, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Fractureiser? Script a comment below.

Security, Tech

Bank Draining Done with Love

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Sneaking into your computer to see what’s up.
Photo by Moiske2l Officiel, please support by following @pexel.com

Advanced Persistent Threat

You were to print “Hello World”

You know, there’s no better feeling in the world than having someone take money from your bank account. This was said by no one ever. As the world turns, we face more and more threats online. At this point, we just have to admit that hackers, scammers, threat actors, or whatever your company wants to call them, they’re getting better at their job.

To add insult to injury, when they improve, it leads to them getting better pay. When you improve at your job, you may get a new title and make about the same pay with more responsibilities. Are we saying for you to be rich? Maybe. Are we saying for you to get paid what you’re worth? Definitely. Pushing making light of corporate logic aside, an issue has surfaced online that has a few people concerned about the safety of their computers and finances.

What is this issue? Glad you asked, look no further than “GooseEgg”. You don’t know what that is? Don’t worry, we have you covered on that. We’re going to look at what GooseEgg is, a few things you may need to know, and if this is something that you should power off your computer for. Spoiler, for the most part, you should be safe.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sitting on a park bench or laying down for a picnic, we know you have food. We’re coming.
Photo by Pixabay, please support by following @pexel.com

GooseEgg, is kind of a weird name for something on the internet but hey, the internet is a weird place and it’s only getting weirder. GooseEgg, also known as PrintNightmare, is a tool that can prompt other programs with elevated privileges.

Once a threat actor has this at their disposal, they’re in. How is this a problem? Simple, if someone has the same level of privilege as you, that means they can do anything you do and maybe… better. How does this appeal to you? You have money, we’re telling you how to keep your money safe or at least try to.

Banks will still let someone take money from your account. Think it’s covered in the insurance so, they’ll let the person take your money and refund you somewhere 90+ days later. That’s all right, it’s not like you needed the money right away for anything.

WHAT DO YOU MEAN IT’S GOING TO TAKE ABOUT 90 DAYS!?
Photo by Andrea Piacquadio, please support by following @pexel.com

So, you may be wondering the same way as Al Pacino did in Scarface. “WHO PUT THIS THING TOGETHER!?” Researchers have pointed in the direction of a Russia-linked cyberespionage group APT28. Whether they have been using it or not isn’t the point. We’re sure this can be found on the dark web, that’s where all the “fun items” are sold.

You won’t have to do anything outside of your normal for protection. Having an update-to-system, anti-virus software, and applications will keep you safeguarded. Security may not be 100%, but following best practices can see you being able to pay your rent on time.

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on GooseEgge/PrintNightmare? Script a comment below.

Security, Tech

Don’t Get Hacked: Finding the Security Sweet Spot (It’s Not Under Your Desk!)

Key Takeaways

Cybersecurity is important: Data breaches can be expensive and damaging.
Balance cost and risk: Understand your risk tolerance and prioritize security measures accordingly.
Use strong passwords and MFA: This makes it harder for hackers to steal your information.
Keep software updated: Updates often contain security patches that fix vulnerabilities.
Be cautious of phishing emails: Don’t click on suspicious links or attachments.
Do a cost-benefit analysis: Weigh the cost of security solutions against the potential benefits.
Stay informed: Keep up-to-date on the latest cybersecurity threats and best practices.

This can happen sometimes when you put money over security.
Photo by Mike Bird, please support by following @pexel.com

Let’s be real, “cybersecurity” can sound about as thrilling as watching dial-up load a webpage. But hold on! Skimping on security is like playing dodgeball with a digital wrecking ball – and trust us, you don’t want to be the one getting flattened.

Here’s the thing: protecting your data is a balancing act. You want ironclad defenses, but who wants to break the bank for them? This is where understanding your risk tolerance comes in. Imagine you run a small business. A data breach could mean lost customer records and credit card info, a huge blow. But for a personal computer, maybe it’s just some embarrassing childhood photos.

Security? More Like Sanity!

Think of strong cybersecurity as an insurance policy for your digital life. A single breach can unleash a financial nightmare worse than accidentally buying that “guaranteed muscle growth” protein powder (we’ve all been there). Data loss, hefty fines, and a damaged reputation are all on the menu.

We can’t get hacked. We have MONEY!!!
Photo by Gustavo Fring, please support by following @pexel.com

Counting the Cost of Catastrophe

Investing in security isn’t about throwing money at a problem. It’s about being proactive. Imagine your data as a family heirloom. Sure, you could leave it on the coffee table, hoping nobody swipes it, but wouldn’t you feel better with a locked cabinet (read: strong passwords) and maybe a security camera (read: antivirus software)?

The cost of a data breach can dwarf the cost of decent security. Studies show that the average breach can cost companies millions – enough to make even the most frugal accountant sweat.

But Wait, There’s More!

Balancing security with affordability is a personal journey. Every organization (or individual) has a unique risk tolerance. Think of it like your spice preference. Some folks can handle the heat of a habanero, while others stick to bell peppers. A risk assessment framework, like the NIST Cybersecurity Framework, can help you identify your critical data and prioritize your defenses accordingly.

Remember, security isn’t about buying the fanciest antivirus (though a good one is essential). It’s about layering your defenses like a well-dressed onion (because seriously, who wants a naked onion?). Here are some specific things you can do:

Strong Passwords & Multi-Factor Authentication (MFA): Use a unique, complex password for every account and enable MFA wherever possible. This adds an extra layer of security, making it much harder for hackers to break in.
Software Updates: Always keep your operating system, web browser, and other software updated. These updates often contain security patches that fix vulnerabilities hackers can exploit.
Beware of Phishing Emails: Don’t click on suspicious links or attachments in emails, even if they seem to come from a legitimate source. Phishing emails are a common way for hackers to steal your personal information.

This…is just impressive.
Photo by cottonbro studio, please support by following @pexel.com

Let’s Talk Turkey (or Should We Say, Talk Security?)

So, how do you find the security sweet spot? Here are a few tips:

Think Cost-Benefit Analysis: Not all security solutions are created equal. Weigh the cost of implementing a solution against the potential financial benefits of mitigating risks.
Measure Your Wins: Security isn’t just about avoiding disaster. Look for ways to quantify the value of your security investments using metrics like Return on Security Investment (ROSI).
Stay Informed: There’s no shame in admitting you’re not a cybersecurity guru. Check out industry reports on best practices and keep yourself updated on the latest threats.
Join the Conversation! We all have a role to play in keeping our digital world safe. Share your security strategies and experiences in the comments below. Remember, together, we can build a fortress so strong, that even the most determined cyber-crook will be left hacking away at their keyboards in frustration. Because let’s be honest, wouldn’t that be a sight to see?

Love learning tech? Join our community of passionate minds! Share your knowledge, ask questions, and grow together. Like, comment, and subscribe to fuel the movement!

Don’t forget to share.

Every Second Counts. Help our website grow and reach more people in need. Donate today to make a difference!

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00

$15.00

$100.00

$5.00

$15.00

$100.00

$5.00

$15.00

$100.00

Or enter a custom amount

Your contribution is appreciated.

Donate Donate monthly Donate yearly