Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Russia accused of massive GPS spoofing campaign

Russia has been hijacking signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers claim.


Spycam sex videos of 1,600 motel guests sold to paying subscribers

1,600 guests were filmed with hidden webcams that live-streamed the action. The site also sold videos.


Scammer pleads guilty to fleecing Facebook and Google of $121m

Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?


Change your Facebook password now!

Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!


Google Chrome zero-day: Now is the time to update and restart your browser

Do you keep tabs and windows in Chrome open forever? Close them. Close them now.


What’s the difference between antivirus and anti-malware?

The two terms are used interchangeably, but do they really mean the same thing? Actually, no.  This is a great article that covers a lot of malware types.


Researcher finds new way to sniff Windows BitLocker encryption keys

A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.


Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin

Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a user base of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should update to 1.3.9.1 as quickly as possible to address the flaw.


Drupal Releases Security Updates

Original release date: March 20, 2019.  Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates.


 

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.