Sites you might want to avoid... till they are fixed!

Drupalgeddon

It has been discovered that more than 350 Drupal Based websites have been compromised thanks to Drupalgendan 2. US security researcher Troy Mursch discovered a campaign that was compromising Drupal sites and hiding a version of the Coinhive in-browser cryptocurrency miner inside a file named "jquery.once.js?v=1.2," loaded on each of the compromised sites. EVERY VISITOR to those sites has the in-browser mining script injected into their pages.

Topics

Android security: Your phone's patch level says you're up to date, but that may be a lie [UPDATE]

Android Bot

You might be one of those people who keeps an eye for any updates on your Android Smartphone and check for updates monthly just to find out that your device is “up to date”. However, depending on which device you have that might be a lie. The biggest problem with Android is what is known as android fragmentation. Basically, Google makes the updates and then gives it to each Android phone manufactures.

65 Microsoft security fixes you need now

Windows Update

Microsoft's April 2018 Patch Tuesday came and went this week and the company issued its regular monthly software patches to fix various vulnerabilities. Patch Tuesday is the unofficial nickname of the second or third Tuesday of each month. This is when Microsoft rolls out bug fixes and security patches for its line of software products like Windows and Microsoft Office.

Topics

Netflix Acknowledges Security Flaw That Puts Gmail Users at Risk

Nexflix

Netflix has acknowledged a security flaw that puts users who registered to the online streaming service using a Gmail account at risk of a phishing scam. The flaw utilizes a little-known Gmail feature in order to trick users into putting in their credit card information and paying for someone else’s Netflix subscription. This flaw is based on how Netflix and Gmail view dots in the email address. Gmail’s policy on dots in email addresses is to ignore them altogether, so that if someone adds or misses dots in an address the message will still get to the person they are addressing.

Topics

MyFitnessPal Breached: What You Need to Know

Fitnesspal

On March 29th, popular fitness and nutrition tracking app MyFitnessPal, disclosed a data breach. According to the MyFitnessPal website, the breach occurred sometime in February 2018 but was only discovered on March 25th. Under Armour, the company that owns MyFitnessPal, announced that as many as 150 million accounts were compromised. Stolen information includes usernames, email addresses and passwords hashed with bcrypt. MyFitnessPal has alerted users via email and is requiring all users to change their passwords.

Topics

BitTorrent Client uTorrent Suffers Security Vulnerability

uTorrent

The popular torrent software, uTorrent, was found to have a serious vulnerability. According to Tavis of the Google Project-Zero, the uTorrent software is vulnerable to remote attacks. The way it works is that an attacker can user a website to perform a simple DNS Rebinding attack to download malware anywhere onto the victim’s computer through the uTorrent software. It is suggested to either stop using the software entirely or do not have the uTorrent software running when not in use till the issue is fixed.

Topics

Security flaw in Moto G5 Plus Prime Exclusive grants access to phone with the tap of a lockscreen ad

Motorolla

Amazon has been running its Prime Exclusive program for some time now. Essentially, the company partners with phone manufacturers to offer noticeably lower prices on devices in exchange for preloaded Amazon apps and advertisements on the lock screen.

Topics