Sun City Computer Club
Cyber Security SIG
April 21, 2022\\
SIG Announcements�Driverless car pulled over (no lights)
But I have a VPN
You – ISP – Internet
You – VPN – Internet
Evading censorship
Surveillance – tracking
Torrenting
Streaming
Public Wi-Fi
Current Issues�And Catalan politicians� Tarrask zero day
hidden scheduled tasks
subsequent actions to hide
maintain persistence
https://www.microsoft.com/security/blog/2
022/04/12/tarrask-malware-uses-
scheduled-tasks-for-defense-evasion/
https://sccccyber.blogspot.com/2022/04/mi
crosoft-0-day-tarrask-using-scheduled.html
Current Issues�NGINX web server 0-day
Microsoft autopatch
Rings: Test, First, Fast, Broad\\
Halt & rollback\\
Russia protest in JavaScript repository
May 2022 end of service
Windows 10 20H2 Windows 10 1909\\
Port knocking defenses
Spring4Shell
Just Walk Out Minute Maid Park
Current Issues�Coinbase�US House launch investigation ID.me
Facial recognition concerns
Privacy, Failure rate, etc.
IRS to require ID.me to delete selfies and face
scans
Issues with older and poorer - no camera
Deflating SUV tires
Incontroller newly discovered malware
Industrial control systems
NOT financially motivated
Insteon down?
Doxxing
Current Issues�Do NOT Hack back
Contact Law Enforcement
Use protections MFA, strong passphrase,
unique passphrases\\
Google Alerts
Limit and review social media postings
Doxxing�Hand your iPhone around?
Notification previews
Settings > Notifications > Show Previews
FindMy
Screen Time Passcode
Set and remember passcode
App Limits 1 minute?
use passcode to bypass limits
Handy iPhone�Screen Time iPhone iPad�Directory of direct links to delete you account
Green – easy
Red – difficult
Black - impossible
Justdelete.me�There are services
Remember you provide your info
Helpful ↔ Harmful
Justdelete.me
ASRock motherboard driver
Joint advisory
DOE, FBI, CISA, NSA
Owe IRS? Pay with cash:
Family Dollar, CVS, Walgreens,7-Eleven,
VPNs installing root certificates
Surfshark, TurboVPN, VyprVPN
Lenovo UEFI vulnerability
Brave browser bypass Google AMP pages
Accelerated Mobile Pages
7-zip Elevated privilege vulnerability
version 21.07 and previous\\
MetaMask seeds stored in iCloud
Current Issues�Better for life hacking than SSN
sites WhoEasy, White pages, Fast People Search
SIM swapping
Forgot my password
Texting scams
Google Voice
2 lines
Cell Phone number� SMB1 disabled Windows 11 insider
Google adds “badges” to chrome extensions
Featured & Established Publishers\\
Apple Beta updates
Monterey 12.4\\
iOS 15.5 iPadOS 15.5\\
Chrome OS 100.0.4896.133
Golden Knights event ⇒ Capitol evacuation
DHS Thwarts cyber attack on undersea cable
Ukraine defends power grid attack
Current Issues� https://www.propertyfraudalert.com/TXWilliamson/Home/Disclaimer
To prevent property fraud
just provide this website with every PII to
commit property fraud
Today many entities will easy cash any property
Property Fraud� And devices along for the ride
Insurance monitors
Save $ iff you never ever …
Otherwise
Smart devices phones, tablets, game
consoles
Garmin camera, microphone, SD card
1 – 2 Terabytes/day
Not wiped
dealership, auto shop, wrecking yard\\
Automobile data collection� 7 data breaches in past 4 years
Ask if T-Mobile in your area?
Group texts thus unable to block
T-Mobile
Helpful < - > Harmful
Awareness, Preparedness, Understanding
SCCCCyber@gmail.com