MS-ISAC Releases Advisory on PHP Vulnerabilities

Original release date: September 5, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2019-087 and the PHP Downloads page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

FBI Releases Article on Think Before You Post Campaign

Original release date: September 5, 2019

The Federal Bureau of Investigation (FBI) has released an article on their Think Before You Post campaign, designed to educate students on the use of social media and how to avoid making poor choices when posting, texting, or emailing thoughts or grievances that could lead to disruptive behavior, including threats. The FBI article stresses that this type of online behavior could result in serious consequences to the individual as well as the community.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI article for information about the Think Before You Post campaign. CISA also recommends users review the CISA Tip on Identifying Hoaxes and Urban Legends for information on the potential dangers of viral emails. CISA encourages users to report suspicious activity to their local FBI field office and to FBI CyWatch at [email protected] 

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Original release date: September 5, 2019

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

600,000 GPS trackers for people and pets are using 123456 as a password

Dog plush toy with tracker attached.

Enlarge (credit: Shenzhen i365 Tech)

An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks, researchers from security firm Avast have found.

The $25 to $50 devices are small enough to wear on a necklace or stash in a pocket or car dash compartment. Many also include cameras and microphones. They’re marketed on Amazon and other online stores as inexpensive ways to help keep kids, seniors, and pets safe. Ignoring the ethics of attaching a spying device to the people we love, there’s another reason for skepticism. Vulnerabilities in the T8 Mini GPS Tracker Locator and almost 30 similar model brands from the same manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping, spying, and spoofing attacks that falsify users’ true location.

Researchers at Avast Threat Labs found that ID numbers assigned to each device were based on its International Mobile Equipment Identity, or IMEI. Even worse, during manufacturing, devices were assigned precisely the same default password of 123456. The design allowed the researchers to find more than 600,000 devices actively being used in the wild with that password. As if that wasn’t bad enough, the devices transmitted all data in plaintext using commands that were easy to reverse engineer.

Read 5 remaining paragraphs | Comments