
BleepingComputer under attack and Mastodon, the next big thing?

Security weekly

Hi and welcome to another Security weekly, where we laugh, we cry and share the latest and greatest in security and tech news.

Did you know? Reading from a screen slows your reading time. We're going paper, people! Extra extra, read all about it!

In this week's edition:

  • 👨‍💻 Hackers try to frame BleepingComputer

  • 🦕 Mastodon, not your traditional data-hungry social network

  • 🔥 the quick and dirty

Reading time: 03:37

Hackers try to frame BleepingComputer

Let me start by expressing my gratitude towards BleepingComputer. From providing me with awesome tools (shoutout Rkill and Combofix), to in-depth articles. Everything they make is thought-out, well written and objective. Cheers to the guys and girls at the Bleepster!

So when I read somebody was trying to frame them, I knew it was time to dust off the ol' boxing gloves keyboard.

So, what happened?

Azov Ransomware, a data wiper type ransomware, was discovered not too long ago.

Hol-up, what's a wiper?

A wiper is an attack type that primarily focuses on destroying - wiping - data. The Azov Ransomware encrypts your data first, with 1 .txt file being dropped on your desktop containing information. Within the txt, there is a message saying you can get a decryption key if you message certain people on Twitter, all of them researchers and writers from BleepingComputer.

Of course, BleepingComputer had nothing to do with it. So it's just a scam to make them look bad. Another scam in this is the promise of a decryption key itself. There is none. While you are out messaging people on Twitter, the ransomware starts wiping. 666 bytes of data at a time. That's dark, yo. So alas, no possibility to get your data back.

Always remember that there are truly evil people out there. Some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned, or negotiated with.

That is correct, I'm quoting Albert in The Dark Knight.

Mastodon, not your traditional data-hungry social network?

While Twitter is on fire recently, Mastodon has been getting the best kind of marketing there is: the free kind.

One man's loss is another man's gain, and that's exactly what's happening to new and upcoming social media platform Mastodon. For those unaware, Mastodon is a social media platform with a lot of resemblance to Twitter. The major difference is it's hosted on blockchain and therefore decentralized. That means there are many different servers (nodes) all around the globe, which are equal part owner and host of the platform.

So, why should you care?

Well, if you've been following this page for a while, you'll have noticed I've written about Twitter a couple of times. And none of those times were to hand out compliments.

Twitter in recent news;

So Twitter is not to be trusted with your data, and a decentralized counterpart is what we really need.

But where do people go? Nowhere.

This scene IS without any doubt the best scene in cinematic history. No 🧢.

Up until recently that is. As you may have heard, one famous billionaire cowboy has taken over the bluebird, which led to massive lay-offs, negative press and whatnot.

Being around since 2016, Mastodon never really grew popular because of the nerdy vibe it brings. Creating an account is not as easy as it seems, and the landing page can look rather nerdy to normies (yeah I said it). But all that changed when Elon billionaire cowboy took over.

Here's why you could make a Mastodon account:

  • Decentralized, so free from billionaire cowboys

  • No ads, it's open source

  • No data harvesting

  • If you really want to secure every aspect of your account, you can make your own server

There are, however, some things to consider. Apart from the basic security hygiene recommendations (good password, use a password manager, use 2FA, ...), direct messages are to be used carefully. As Graham Cluley points out in this article, direct messages are not encrypted and are stored on many servers, depending on which server you and your conversational partner each created your account on. That means the owners of those servers get to see your messages in plain text. Also, tagging someone in your direct messages lets them see it as well.

So no dissing me in the DMs, alright?

Feel free to follow me, although I'm not actively using social media.

The quick and dirty

Meme of the week, by Kaspersky (@kaspersky) / Twitter

    Security like I'm five

    Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam. In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff. This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free. Pretty sweet deal if you ask me.

    So sign up for the newsletter and be enlightened! (don't set the bar too high tho)