Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


BlueBorne Bluetooth Vulnerabilities

09/12/2017 05:26 PM EDT  Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control ...

Continue Reading →
0

An Interesting New Twist on WordPress Site Hijacking

This story reads like fiction.  OK, not great fiction, but this story illustrates another way that WordPress websites can be hijacked and used to promote a cyber scam.

WordPress websites are often hijacked so a phisher can host their landing page on a site that does not lead back to them.  And WordPress sites can be interesting targets for other cyber-criminals who export the ...

Continue Reading →
0

Don’t Miss It! I am a featured speaker next Tuesday at Joule Cram Day

NEW!

Joule U . CRAM DAY

Tuesday . September 26 2017

SIX 60 MINUTE CLASSES
Learn something new! Attend one, some or all.

My presentation, Shields Up for WordPress Websites and Blogs is from 2:30 to 3:30.

I know many of the other speakers and this looks like a terrific lineup.  Block out the day and get some valuable information you can ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


 Robots Can Crack Safes

Robots can crack safes faster than humans — and differently. We’re going to have to start thinking about robot adversaries as we design our security systems.  From Wired via Schneier.

https://www.wired.com/story/watch-robot-crack-safe/


[WordPress Security] Ransomware Targeting WordPress – An Emerging Threat

Over the past month, the Wordfence team has been tracking a ransomware ...

Continue Reading →
0

Email Account Hijacking – Part 3 Extending the Exploit

On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker.  Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.

They have already proven that you are susceptible to phishing and other social engineering exploits.  So sending the victim other phishing emails that allow more access ...

Continue Reading →
0

Speaking at 2017 ISSA International Conference

I am honored to be presenting at the 2017 ISSA International Conference, October 9-11 in San Diego, CA. This year’s theme is “Digital Danger Zone.” Please join me for networking, education, and fun.

I will be presenting “Shields Up for WordPress Web Sites and Blogs.”  This presentation covers the threat of website hijacking, what an attacker wants to do with your website, ...

Continue Reading →
0

Backup Options for WordPress Websites

On Wednesday we discussed the importance of backing up your website as part of a larger cybersecurity strategy.  Today we are going to look at feature considerations for you as you decide which backup plugin is right for you.

Personally, I have used both Backup WordPress and Updraft Plus, and I have been satisfied with both of them.  When you search for backup plugins, ...

Continue Reading →
0

Hacker Tools for Pen Testing

On Wednesday we took a look at a collection of mostly web-based reconnaissance tools.  Today we are taking it to the next level and actually attempting to find and exploit vulnerabilties.

Kali Linux – This is a pen-testers version of Linux that comes fully loaded with over a hundred testing applications.  Kali can be installed in any  old laptop you have laying around, installed as a virtual machine ...

Continue Reading →
0
Page 3 of 5 12345