Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Computer Programmer Who Ran a Global Drug Trafficking Empire

A new book uncovers the intricacies of Paul Le Roux’s cartel and how it fueled the opioid epidemic ravaging the U.S. today.  This fascinating story is covered in detail on the Smithsonian website.  Or read Evan Ratliff’s new book The Mastermind.  I did, and the story is fascinating.


Kids’ GPS watches are still a security ‘train wreck’

Anyone could have accessed the entire database, including a child’s location, on Gator watches and other models that share its back end.


Brilliant New Social Engineering Phish – “Please DocuSign: Funding for Your Business”

A friend was sent this email and he forwarded it to me. It’s a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it’s entirely legit by using the DocuSign infrastructure. Prime example of an info grabbing phish that does not use a malicious payload.


Got My Own Social Security Scam Call

They are definitely out there.  I wrote about this three weeks ago, and a few days ago, in my voicemail, was part of an automated robocall from scammers claiming to be from the Social Security Administration.  Here is the transcription of the call.  These are all CRAP and totally bogus.  Do not fall for them.

Taking your name and your Social Security number, the issue at hand is very time sensitive the very second you receive this message. I need you to return the call as soon as possible on my department number, which is +1-240-390-7683. I repeat, it’s +1-240-390-7683. If I don’t receive your call, your social security number will be suspended  (funny!) to avoid all legal consequences. Call me and so on as possible because this is your last chance for the resultant of this serious case. Again, this message is for you. And this is Officer Lisa Williams from Social Security Administration. Goodbye, and have a blessed day.


Chrome Protects From Typo-Squatters and Fat Fingers

Ever fat-finger (mistype) a web address and end up on a Russian porn site?  Or clicked on a near-miss URL (typo-squatting) in a phishing email and end up on a illegal prescription drug website?  Chrome has a new feature that advises when you may be going to the wrong website.


Multiple Vulnerabilities in WordPress Could Allow for Remote Code Execution

OVERVIEW:  Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow a WordPress author to execute code remotely on the underlying server. WordPress is a web-based publishing application implemented in PHP. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution with privileges of the affected application.

THREAT INTELLIGENCE:  A Proof-of-Concept has been developed by the researchers who discovered this vulnerability to demonstrate the issues.

SYSTEMS AFFECTED:  WordPress 5 versions prior to 5.0.1 and WordPress 4 versions prior to 4.9.9

Upgrade your WordPress version to 5.0.3


 

1

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Comments

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.