Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Solved: Jetpack Generating Mysterious Admin Email Change Messages

This entry was posted in WordPress Security on May 2, 2018 by Mark Maunder

Although there is nothing to worry about, you may want to read this post from WordFence.

We’ve received quite a few questions about this in the past 24 hours, either via forums, email or twitter. Roughly 14 hours ago we started seeing reports that WordPress site owners running Jetpack were receiving emails that stated the following:

You recently requested to have the administration email address on your site changed.
If this is correct, please click on the following link to change it: [link]
You can safely ignore and delete this email if you do not want to take this action.
This email has been sent to [email]


Facebook’s getting a clear history button

“This is an example of the kind of control we think you should have.”


Gmail users, here’s how (and why) you should set up prompt-based 2FA

2FA just got better so don’t be like everyone else – actually use it!


Yahoo mega-breach hacker faces nearly 8 years in prison

The hacker exposed half a billion Yahoo accounts on behalf of Russia’s FSB


 Yahoo fined $35m for staying quiet about mega breach

Remember the 1 billion records exposed?  The smallest thing about the Yahoo mega-breach is the fine.


Medical devices vulnerable to KRACK Wi-Fi attacks

Some KRACKs still haven’t been papered over.


Volkswagen and Audi car infotainment systems hacked remotely

Researchers found a way into both cars through the Wi-Fi interface.

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.