Hi friends and readers!!! I hope you are all-OK during this trying Covid-19 times. I am doing great and is currently working remotely because Manila and the rest of Luzon, Philippines is under the Enhanced Community Quarantine.
Long time no post here in menardconnect.com but today, I have some good news for those who are also working from home that I would like to share to all:
Our company Trend Micro is giving some FREE security products for those working remotely/work-from-home/teleworker. If you have employees/staff currently working from home using their personal computers, Trend Micro would like to provide your employees with 6-months free access to our consumer internet security product, Trend Micro™ Maximum Security.
Let Us Help Secure Your Teleworkers The effects of COVID-19 have been far reaching. We want to help where we can.
If you have staff currently working from home using their personal computers, we would like to provide your employees with 6-months free access to our consumer internet security product, Trend Micro™ Maximum Security.
Trend Micro Maximum Security provides comprehensive protection against online threats. With Maximum Security, users can:
– Defend against web threats such as ransomware and other online dangers. – Shield their privacy by blocking dangerous websites that can steal personal data. – Avoid fraud and scams by guarding against phishing emails.
How it Works
Sign up to receive a product download URL that you can share with your employees.
Employees download and activate the Maximum Security product for either their personal Microsoft® Windows® or Mac computer (one device per download).
Your employees will be given 6-months free access. After the 6 months, their access will simply expire (unless the individual decides they would like to renew the product—no obligation).
Cryptocurrency-Mining Malware: 2018’s New Menace? By Menard Osena
Will cryptocurrency-mining malware be the new ransomware? The popularity and increasing real-world significance of cryptocurrencies are also drawing cybercriminal attention — so much so that it appears to keep pace with ransomware’s infamy in the threat landscape. In fact, cryptocurrency mining was the most detected network event in devices connected to home routers in 2017.
It’s been 4 years na pala since my last blog post at TrendLabs Security Intelligence Blog, and I really feel great that I’m writing again there. I am still not decided if my other follow up insights will be for menardconnect.com or for AVSecurityProductManager.com but definitely there will be some follow up posts at #TrendLabs #Security Intel Blog and my blogs… Soon!
But for now just let me do a repost and some shoutouts and mentions 🙂
Special thanks to John, JR, Dianne, Bri, Caloy, Kerr and Gelo. You guys rock!
And some waves and hugs to my TrendLabs CoreTech XRS Ops Team 🙂 I love you all!
I am seeing lots of social media activity from my online Pinoy friends about Bitcoin, Cryptocurrencies, and hacking and oh boy I’m really amazed that we’ve got lots of pinoy experts on BTC and crypto and hacking now na ha! Hehehe!
Honestly I think this is good and bad! Good, that there is an increasing interest in this topic and therefore more meaningful conversations can follow. Bad, because I see a lot of FUD (fear, uncertainty, doubt) out there about bitcoin and crypto (re: Bitcoin is EVIL), and I believe that FUD = misinformation and will not be helpful for all if it is not properly put into its place.
Disclaimer: I do not claim to be an expert on Bitcoin and cryptocurrency. I am just fortunate that in my line of work I am exposed to the good and bad of Bitcoin and cryptos. And as GI Joe series taught me “…Now you know… and knowing is half the battle” so I’m posting my thoughts here at menardconnect.com.
So first, before we spread FUD about bitcoin,cryptocurrencies and hacking, please do read about Mt. Gox and Bitfinex. I was looking for related materials on this topic and found the following links below can give a pretty good start…
Our company, Trend Micro is hosting a cybersecurity event called Threat Experts Summit for students!!! It will be this Friday, November 10, 2017 1:00 PM – 5:30 PM at the Hotel Novotel, Araneta Center, Cubao, Quezon City.
IT students, this is your chance to learn cybersecurity in-depth straight from the experts! We will be discussing cool topics like Cybersecurity, Machine Learning and lots of other infosec/geeky stuff so if you’re free, come and join our event!
Interested students can register HERE
For more details visit Trend Micro Pilipinas FB page (https://www.facebook.com/TrendMicroPH)
Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro Pilipinas Facebook Page.
Our company is running a cool educational contest this summer that is worth checking out. It is a global competition intended to help build skills among young professionals and seasoned veterans in the area of cybersecurity.
This Trend Micro event, called Capture the Flag (CTF), will consist of challenges across 4 disciplines including targeted attacks, cybercrime, IoT, and SCADA. Winner gets JPY 1,000,000 (approximately US$8,700) plus much much more!!!
Trend Micro is also offering an amazing opportunity for the top 10 online qualifying teams and will cover travel expenses to Japan (up to JPY 200,000 / approximately US$1,810/ conditions apply) as well as three nights hotel accommodation. Even if you are not really interested in the prizes, this is a great opportunity for you to test your skills and learn!
With a global shortage of skilled cybersecurity experts, this is a great way for people to build their knowledge of this industry.
Before I end the post, the usual disclaimer/disclosure: I work at Trend Micro. The information contained in this post is taken from Trend Micro press materials. The views expressed in this blog are mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
I love bitcoins and cryptocurrencies and I wrote some articles about bitcoin here at menardconnect.com and in our company security blog some years back.
I also delved into mining crypto-coins but my electricity costs and my alt-coin mining difficulty is at odds so I re-assessed the situation and concluded it was not cost effective anymore. So I stopped mining some years ago and I monitored the bitcoin scene and its infosec connection from the sidelines of social media.
This year, I read that Bangko Sentral ng Pilipinas (BSP) issued some guidelines on virtual currencies and for me this is some sort keeping up with the times of BSP (hehe acceptance of reality maybe) and is a long awaited good news overall. So I decided that the time is ripe for Philippines and Bitcoin so I searched what my friend Dexter of TechAthand.net and BestofRiyadh.com mentioned in one of his posts that a PH-based company is offering an easy way to buy bitcoins and do purchases and remittances with cheaper costs. So I researched more about that company (Coins.PH) and find that it’s very promising 🙂 . Luckily, a friend IRL mentioned that he is using Coins.PH too so this sealed the deal.
I registered at the Coins.PH website and downloaded the iOS app and tried using the Coins.PH services. And I am very happy to say that Coins.PH is very easy to use and is really promising as lot of merchants are using it to sell e-loads, pay bills (for telco/utilities like meralco) and allow sending of remittances. Payment is very easy too (via G-cash, 7-11 stores, Cebuana Lhuillier or bank transaction (online or OTC (over-the-counter). These are my top choices of payment but you can see other options in the website or app and use what is convenient for you. From my personal checking, the app and the website is secure, but of course I will be constantly be vigilant about this and will check it from time to time. I know that good security practices with your mobile phone and computing machines (PC/Macs) is a must for the overall security and safety of bitcoins transaction and other online financial activities. Update: I also had some good experience dealing with the support folks on some issues so this is another plus for them 🙂
To show my appreciation and support to Coins.PH and the bitcoin community around the world and in the Philippines I am doing this awareness post on Bitcoins and Coins.PH. I strongly recommend that you, my readers, friends (online and IRL) and supporters try Coins.PH too by registering using my Coins.PH referral link . Registration is FREE, but the good thing with registering using my Coins.ph link, we both earn 50 pesos each (credited to our Coins.PH wallet) when you complete the verification process. To complete the verification process they will require Identification (ID) card upload as to prevent potential abuse (hehehe shoutout to our friends at BSP and AMLC 😀 ). If you are not comfortable about uploading your ID and complete the verification it’s A-OK too, the only drawback is that you will have some daily transaction limit (P2,000) but still, the basic account can be a good way to try and have a hands-on feel on how to do wallet and bitcoin transactions.
Again I invite you to try Coins.PH its FREE and SAFE. And as the saying goes… there is no harm in trying 🙂
Hope you like my bitcoin and Coins.ph post. If you like bitcoin and coins.ph too please feel free to leave a comment at the end of this post or leave some comments at our facebook page.
“I’m so three thousand and eight
You so two thousand and late”
Boom Boom Pow, Black Eyed Peas
And so our beloved Philippine National PoliceAnti-Cybercrime Group (PNP-ACG) warned the Filipino citizenry about ransomware. Wow! I’m lost for words, so let me just sing a song from the the Black Eyed Peas instead
We have this quote/saying in Filipino “Huli man daw at magaling, naihahabol din!” So let me welcome the Philippine National Police, PNP-ACG to the Ransomware party! Habol na lang mga Boss Chief, kaya natin ito!
On the brighter side of things, I’m happy that our PNP finally gave some warning about the dangers of ransomware. I know they are doing their best in keeping up with the latest threats and cybercrime and as a responsible Pinoy infosec (information security) dude here in the Philippines, I support them on these efforts.
On the geeky tech side of things, Ransomware started sprouting like mushrooms in the last 2~3 years (or maybe more). How do I know this one? I’m just lucky, because I eat malware for breakfast (almost every day) 🙂 I am very thankful that I am part of this wonderful team that helps protect the world from these types of online threats! I love you TM Team! 🙂
So when I read GMAnews article on PNP, Ransomware it brings back “senti” ransomware moments because if I remember it correctly, the first ransomware that caught my interest was the Bundespolizei Police Ransomware (around 2012). Bundespolizei is Germany’s Police force and that ransomware variant pretends to becoming from the German Police entity and it demands payments/ransom from the victims. More geeky details of the German police ransomware here . Police and ransomware always go together pala talaga! Hehehe!
Before we end, some disclosure: I work at Trend Micro. The views expressed in this blog are mine and mine alone (and do not necessarily represent my employer’s positions, strategies or opinions). Read my about page on what I do.
That is what the orcs will shout (in their very unique husky and grunty voice) when the enemies attack their orc base in Warcraft 3.
That is also my topic of this post:
No I’m now screaming about the attack on my blog. I have this good mindset about threats and attacks: I don’t panic. I am also not feeling kawawa or wawa (poor victim in loose filipino translation) in this situation. I think I survived the onslaught of the attack and to spread some good vibes why not share some useful tips here at menardconnect.com 🙂 OK enough of the intro. Let’s get it on:
Late last month, this blog experienced some form of attack from malicious actors who-must-not-be-named. We all know I’m using WordPress, and some dudes out there are trying to login to this blog’s WordPress administration panel and do some brute force attack on guessing my password. Simply put, this means some bad guys (I will collectively call it hax0r) are trying to pretend to be me (me, the website blog admin) and try to get into the wordpress admin console so that they can control the website and blog. More basic info on brute force attacks here.
I will not delve into the technical details of the attack , but in tradition of my good old free six video and free six series, here are six easy to-do tips and tricks that users/admins can do to prevent or better prepare themselves (blog owners) against these WordPress WP-ADMIN Bruteforce attacks.
1. Update your WordPress core files as soon as possible
Just like any software, WordPress have its own security flaws and it needs to get updated from time to time. Admins are advised that they should always update WordPress to the latest version, for more info on this go here. When a new version of WordPress is available admins will receive an update message in your WordPress Admin consoles.
2. Update your WordPress plugins too
Just like the wordpress core files, plugins needs to get updated too. If your blog relies on many plugins, do not worry because when a new version of WordPress plugins are available you will also receive message in the WordPress Admin console that its time to update. There are also automated update settings if you want to try it out.
3. Do not use Admin as the username of the administrator account.
Yes the hax0rs are trying to login via the “admin” username, but as a basic security practice, I disabled it every time create a wordpress blog. I suggest the you be creative. Use NIMDA instead!
4. Do not use your name as the blog admin username account
This piece is quite a revealing one, the hax0rs are trying to get in via the username menard. My name is public info in this blog, so they are clever and they tried it too. But luckily I did not use that name so I avoided that loophole in this admin account issue.
5. Discard unused wordpress themes and plugins
If you are not using the wordpress themes and plugins, do not keep it. Delete it asap. This one caused me some issues several years ago, but my advise here is if you are not using any theme or plugin that theme or plugin should be deleted ASAP because these are like low hanging fruits for attackers.
6. Have good WordPress security plugins installed
Just like security softwares (antivirus, antimalware, anti-threat) for your PC, Macs, iPads, smartphones and other devices, wordpress blogs needs some security tools too. There are some good free wordpress security plugins that works well but I will try to share two: Login Lockdown and Sucuri .
Login lockdown locks the admin console after several failed attempts, a good old trusted plugin. A recent good addition to my security plugin arsenal is Sucuri Security- Auditing, Malware Scanner and Hardening, a free plugin and it has helped me detect this attack. How? See this…
So I’m giving the good folks at Sucuri some love link here in my blog. Kindly go visit them at Sucuri
That’s all for now, i will try to share other tips in the future. Hope you liked my free six tips and tricks to combat WordPress Admin Brute-force Attack
Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from Trend Micro website and TrendLabs Security Intelligence Blog. To know more on what I do full-time kindly visit my blog’s about page or visit my linkedin page. To read my blog’s disclosure policy, kindly visit my disclosure page.
For infosec, malware and tech (and not so techie) stuff, please follow me in Twitter🙂