Erich’s “What in the (cyber security) world is going on?” 12-22-16 edition

Posting a little early this week due to the holiday. Merry Christmas, and may you have a great Whatever Holiday You Celebrate!

I released my 2017 predictions. 

Don’t tell anyone, but I really just pulled some stuff out of my backside, but figured I was on the hook to do something. I think they are pretty accurate if you take the categories in to account. Your help not holding me accountable for any of these predictions is appreciated. At least it’s entertaining. Javvad Malik’s are much more relevant.


Free CryptXXX decrypter was released. 

Thanks to the folks at Kaspersky Lab, a free tool to decrypt your files hit with CryptXXX has been released. This may or may not be the reason for the “1/2 price for the holidays” offer from the bad guys. I’m thinking it is and thrilled about it. Hopefully they will coal, or reindeer poop in their stockings this year. They deserve it.


Free unlock code for Padlock Screenlocker

BleepingComputer reported the unlock code for Padlock Screenlocker is ajVr/G\RJz0R and that the files are not actually deleted. Let’s keep this sort of thing coming!


Community Health Plan of Washington exposed 380,000 PHI records

The bad guys were there almost a year and got about 380k PHI records. That’s just sad.”It appears that names, addresses, dates of birth, Social Security numbers and certain coding information related to health care claims may have been accessed” but “Banking and credit information was not contained in the data“. Well, isn’t that just lovely. Personally, I’d rather lose a CC# than my SSN.


Columbia County schools victim of data breach

The affected server did not contain student data, but did have “confidential employee information, including names, Social Security numbers, birthdates and more“. In the several weeks since discovery, “Investigators could not confirm if any of that information was copied or compromised“. In other words, they can’t figure out if you are compromised or not. Good luck with that.

There is a patch for the Netgear routers vuln

Go get it if you are affected. That is all!


Social engineering is easy

Not a newsflash, but this video and this video show just how easy it is. This is why you need Security Awareness Training. Teach people that they are targets. It’s important.






L.A. County hit with a phishing attack – 750k records

Confidential health data or personal information of more than 750,000 people may have been accessed in a cyberattack on Los Angeles County employees back in May. “Among the data potentially accessed were names, addresses, dates of birth, Social Security numbers, financial information and medical records — including diagnoses and treatment history — of clients, patients or others who received services from county departments.” But look at the bright side, it was WAY back in May and now you get a year of free credit monitoring. Sadly, your SSN is valid for more than a year and once it’s out there…


Just in time for Christmas, a Galaxy Note 7 fireplace. 

I love this. Words fail me with how much I love this. The ringtone music is a wonderful touch. Have I mentioned that I love this?





Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.