Tag: cyber security

Cloud Talk, Security, Tech

Cloud, Hackers, and a Wallet

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Cloudy with a chance of emptied accounts.
Photo by Nicolas Jaramillo, please support by following @pexel.com

In the great big world of IT (Information Technology) things in cybersecurity have always been but, even more now, getting more interesting with every new technology or model that pops up.

If you haven’t been living under a rock no less an underground bunker, chances are you have heard about the cloud and all the wonders it has to offer to make your life and even your business flow a little easier however, in the landscape having access to a monolith of services and your choice of pay models looms something in the midst.

Whatever pay model you choose, you may be offering the same choice for an unwanted guest. Don’t know what I mean, let me script it for you.

I could be reading script right now, but I have to fix this stupid car.
Photo by Malte Luk, please support by following @pexel.com

Cloud from Underground

For those who finally came out from underneath that rock or finally believe the air is breathable and things in America and around the world are getting better, I welcome you. Let me give you this quick overview of the cloud and all its glory, all hail Hydra- I mean the mighty cloud.

The cloud or better known as cloud computing is a massive network of distributed services. There are services for housing and examining big data, environments for building applications, and creating automation to execute certain tasks are some of the things you can do in a cloud.

The list of what you can do goes to no end and it’s still expanding. As far as providers go you have the big three and yes this will be biased so be prepared to not agree which you’re welcome to do. They are AWS (Amazon Web Services), Google Cloud, and Azure from Microsoft. What about IBM’s cloud, you ask? Simple, IBM and I don’t talk, AWS all the way baby.

Back on the point, the cloud offers serverless computing, this is the execution model where the CSP puts together machine resources on demand and is done on behalf of the customer.

So, in short, the term serverless doesn’t actually mean there aren’t any servers, serverless means that all of the backend infrastructure is handled by the vendor. For all of you who came out of a bunker, you can go back in now, things haven’t gotten any better.

Enjoying so far?

Check out this other script on cloud. Click here.

It’s just a DDoS, there’s nothing to worry about. It’s not like I need to keep my job or anything like that.
Photo by SHVETS production, please support by following @pexel.com

Denial of a Panic

So, why is this important? How does this information benefit you? Again, you’re offered a pay-as-you-use model for a lot of services. This means attackers have more options when it comes to performing an attack.

DoS (Denial of Service) or DDoS (Distributed Denial of Service) are events where someone is trying to access a website but can’t because the website’s servers are being overwhelmed by traffic from zombies (slave bots).

This is a somewhat normal event and SOC (Security operation center) teams are prepared, for the most part, to deal with them. However, with the addition of the cloud, things have become more complex.

The name of the new challenger is called DoW (Denial of Wallet). And before you ask, yes, I’ll tell you what’s in your wallet when this attack is done.

I don’t think this is what Z-Daddy meant by denial of wallet, it’s more like denial of money.
Photo by Andrea Piacquadio, please support by following @pexel.com

Wallets Racking Up Prices

As mentioned before a DoS/DDoS is not having access to a resource like a website because the server is being overwhelmed by traffic. DoW works similarly but the difference is you run out of money to request resources and services in the cloud.

An attacker can gain access to your account in a variety of flavors and once in, they can begin to rack up charges in your name or your business’s name. This is because to use or to have access to a cloud a credit card must be on file to charge.

Once the card on file reaches its limit and money can no longer be drawn for services, resources are stopped until the bill is paid. Here’s some small math for you, let’s say you were using a server and it cost $0.10 per minute to run that server but you have it scheduled to run between business hours, five days a week. $240.00 USD in a week isn’t a problem because you may have that amount on hand.

However, your account gets hacked and changes the server schedule to run every hour including the weekends changing that $240.00 to $1,008.00 USD in the first week. But not only that, other resources were added and set to run every hour including the weekends. Money runs out quickly in the cloud when you’re hacked and not paying attention. Just when you thought the sky was the limit.

Kim: Girl, you never use the root account. Ain’t you read Scriptingthewhy?
Sarah: What’s that?
Kim: Girl, here. go to the site and you’ll be hip to the games.
Photo by Andrea Piacquadio, please support by following @pexel.com

Accounting for the Root

At this junction, you’re probably sitting at your computer wondering how you can prevent from seeing another bill you either can’t or simply don’t want to pay sneaking its way into your email. Well, I have some good news, following best practices when setting up your or someone else’s cloud.

Always employ the use of setting up a general account, and do not for the love of Sam Smith’s Unholy, do not use the root account because if that account gets hacked, you can kiss your cloud goodbye.

For those who might not know why not to use the root account, it’s like using the admin account on your computer, if someone gains access to it, they can do whatever they want since it’s the highest level of privilege. And if you set up someone’s cloud and the only account is the root, well needless to say unemployment is in your future, that’s cloud 101 and you should know better.

Shaming aside, using multifactor authentication adds another layer of security for accounts and the most important action to take is setting up a budget with multiple avenues, like emails and text messages to reach you as this will alert you when you are approaching your undesired limit for your budget.

And checking in periodically with billing and usage along with checking logs could see you better off as this helps to keep you alert as well. It’s great to have your head in the cloud but fending off unwanted bills can help keep you grounded and employed.

Scriptingthewhy has helped me keep money in my wallet. Z-Daddy, you strike again.
Photo by Lukas, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Did you have a time where you may have encountered a DoS situation? Script about it below.

AI, Programming, Tech

AI in the Job Market and You

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Alexa, I said I wanted “spam”, that didn’t mean mail me spam.
Photo by Andrea Piacquadio, please support by following @pexel.com

AI Talk

What’s the big deal!?

As the world turns, we’re finding more and more technology coming out, malware being spread, and phishing attempts ending up being successful. Not sure how phishing attacks are still getting people in trouble, but hey, when you’re lonely and want money, a prince is a prince. In the grand scheme, we should be proud of our wonderful accomplishments. However, we simply can’t have nice things. I mean, we have life, and we’re making that difficult. A quick shoutout to our four fathers for paving the way to this point. Point out life’s struggles aside, what is the latest in this crazy world? If you have been living under a rock, then let us introduce you to the world learning to live with “AI” (Artificial Intelligence).

Gasp, yes, the computers are getting smart, but they’re not getting smarter than us…yet. We’re going to be looking at what is AI, a little of how it came about, and what are some things you may need to know to keep your job. Because yes, AI will take your job. AI, what is it? It’s the uprising of the machines and taking the world for themselves. You’ve been informed, thank you for reading, and have a good day.

No, AI in its simplest terms, is giving machines the ability to learn like humans do from experiences. This could range from playing critical thinking games like chess and checkers, to self-driving cars. And before you think to say anything, don’t doubt checkers, there have been some tense moments. Now given our machines can learn (somewhat) like we do, to the machine this all breaks down to just ones and zeros.  

The ones and zeros, which are called “binary”, are encapsulated in what’s called “machine language”. We’re not going to cover it now, just know, if you want to learn this programming language.  You’re going to be heading down a rabbit hole because you’ll be learning how the computer puts together outputs for humans to understand.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I work with computers, my job is safe from AI, right?
Photo by Brett Sayles, please support by following @pexel.com

The early days of AI, which has nothing to do with what we have today, began with a mixture of mathematics, philosophy, and technology from the Greeks. That was then later pioneered by Alan Turing, an English mathematician and logician. He proposed the idea that machines could simulate human intelligence. Then at the Dartmouth Conference in 1956 is often cited as the birth of AI as a field of study, where the term “artificial intelligence” was first coined, and the potential of intelligent machines began to capture the imagination of researchers.

This discipline formed the making of simple algorithms for the development of complex neural networks. An example of this is each neuron in your brain has a set of instructions or a program, which when it has information, that information is sent down the line to the next neuron for processing. Bringing this to a larger scale, a neural network working in tandem to provide decision-making. Choosing to learn builds your neural network, choosing not to build…well, nothing.

Okay, so at this junction, you’re probably wondering “How is AI going to replace me at work?” To answer your question, it’s a grey area. AI will replace jobs like customer service, basic software engineering, and other basic one-dimensional occupations.

We’ve seen how cashiers in a way getting phased out with self-checkout kiosks popping up in stores. Call centers and websites have moved to using AI instead of people. Developers have turned to the aid of AI to develop code. AI at this point in time will not replace jobs like carpentry, doctors, or construction.

However, just because it’s not happening right now, doesn’t mean it’s not going to happen within the next five years. The best way to ensure that you have a job is to make sure AI doesn’t outlearn you. This means go out and start learning today more than you did yesterday.

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on AI? Script a comment below.

Cloud Talk, Security, Tech

Google Ribbed Play Store

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Tucker: What’s with this scriptingthewhy nonsense? You actually like this stuff?
Becky: Granddad, just read it. You might learn something.
Photo by cottonbro studio, please support by following @pexel.com

Picture this if you will, you’re on the Google Play Store. You’re clicking around, hopping in and out of application descriptions, and viewing all the potential great ideas that developers have worked tirelessly to create and you’re just having a beaming time.

While rifling through several apps, you find one particular to you and figure to download it. While watching the app’s progression in downloading you begin to get an eerie feeling like something may be off.

Let me script for you how things may get interesting in the days to come. Trust me, you’re not going to love it.

Oh come on Zeroclay, what about my phone isn’t safe now!?
Photo by Olha Ruskykh, please support by following @pexel.com

Few Malware Apps a Ton

If you have an Android product, then there is a high chance that you have spent some time on the Google Play Store viewing tons upon tons of applications just waiting to be installed on your phone.

Now while it is common knowledge that the Play Store is a trusted source, that does not necessarily mean that everything on the Play Store is a trusted product. As of recent there has been a surface of a malware called “Fleckpe”.

Fleckpe is an Android Trojan that first appeared at the start of 2022 and not only has it amassed more than 620,000 downloads, but it has been receiving upgrades as well.

But I can hear a few of you reading this saying “Z-Daddy, I’m not clear on what a trojan is.” And to those few, don’t worry, I got you. A trojan is malware that is disguised as a legitimate program and when installed, is released, and can wreak havoc on your machine. Clearly, this trojan isn’t ribbed for your pleasure.

Also, one of the upgrades has a nasty secret feature you’re not going to be happy about knowing. Needless to say, this trojan is packing and again, it’s not for your pleasure.

Evan: he said it had affected here, here, and here.
Ms. Simon: You’ve been reading scripts again instead of doing your homework, haven’t you?
Photo by Tima Miroshnichenko, please support by following @pexel.com

Packing the Details

So, what are some of the areas that are feeling this trojan’s imprint? Well, since this is on the Google Play Store and the Play Store has users in a lot of countries leading this to be pretty much set on a global scale, you can count on this imprint to be globally distributed.

Although, areas that have been confirmed to be affected are Thailand, Indonesia, Singapore, Malaysia, and Poland. As a side note, it has been noted that authors of novel viruses, malware, and trojans alike have said that they are pleased when their creations go places where they can’t.

One author had said that even though the US had kept him away, the fact they couldn’t do the same with his creation was a satisfying feeling.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

What’s this nudemidgetcowgirlsfromouterspace subscription and why is it $29.89 a month? I never signed up for this!
Photo by MART PRODUCTION, please support by following @pexel.com

Unwanted Subscriptions and Spin

Are you wondering how this trojan worked? Once you had downloaded and installed one of the eleven infected applications from the Play Store, which were used either for photo editing, wallpapers for the background of your device, or an application that involved the camera, the good times would roll downhill…along with your credit score.

The infected app would request access to notification content that is required to capture subscription confirmation codes for an array of premium services. Fleckpe then springs into action, decoding its payload containing infected code. The payload contacts the command-and-control (C2) server that relays information back to the attacker about the newly infected device.

This includes the Mobile Country Code (MCC) and Mobile Network Code (MNC). Following this would be a paid subscription page that is opened on an invisible web browser window and attempts to subscribe on the victims’ behalf by abusing the granted permissions and obtaining the confirmation code required to complete this step.

Yes, this is exactly what you’re thinking. It’s like having your spouse sign you up for a spin class without your knowledge and opting for the highest difficulty so they can get a laugh.

Ugh, unwanted bills, spin class, and subscriptions. How do we stop this one now Z-Daddy?
Photo by Tima Miroshnickenko, please support by following @pexel.com

Watching Bill and Company

Are you ready to take some steps to ensure this doesn’t happen to you? There are a few steps you can take to ensure that you don’t get imprinted with this trojan on your device.

One way is just to be cautious of downloading apps from both trusted and unknown sources. Being vigilant when dealing with requested permissions during the installation process and keeping a watchful eye on your billing statements to catch any unauthorized activity such as subscriptions and charges.

Below are the comprised apps:

  • Beauty Camera Plus (com.beauty.camera.plus.photoeditor)
  • Beauty Photo Camera (com.apps.camera.photos)
  • Beauty Slimming Photo Editor (com.beauty.slimming.pro)
  • Fingertip Graffiti (com.draw.graffiti)
  • GIF Camera Editor (com.gif.camera.editor)
  • HD 4K Wallpaper (com.hd.h4ks.wallpaper)
  • Impressionism Pro Camera (com.impressionism.prozs.app)
  • Microclip Video Editor (com.microclip.vodeoeditor)
  • Night Mode Camera Pro (com.urox.opixe.nightcamreapro)
  • Photo Camera Editor (com.toolbox.photoeditor)
  • Photo Effect Editor (com.picture.pictureframe)

Make sure you check the reviews to see if anyone has had or is having issues with the application. If you find that you have downloaded one of the following applications that were compromised, uninstall them immediately and keep a watchful eye on your phone bill.

The main thing you can do is remain vigilant as scammer scamming is increasing on the marketplaces such as Google Play. All-in-all, it’s best practice to just keep a watchful eye on your bill seeing as though there is no real sure-fire way to protect from the bad guys getting in. Security is always secure enough, it’s never 100%.

Tom: I’m great goalie…but even I can only stop so much.
Photo by Tony Schnagl, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Fleckpe? Script a comment below.