Daily Archives: April 1, 2019

The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams

Today, users are extremely reliant on their GPS devices. In fact, we’re so reliant on these devices that map features are built into almost every IoT device we use, as well as our vehicles. However, the Department of Homeland Security has issued an alert to make users aware of a GPS receiver issue called the GPS Week Number Rollover, which is expected to occur on or around April 6, 2019. While this bug is only expected to affect a small number of older GPS devices, users who are impacted could face troubling results.

You may be wondering, what will cause this rollover issue? GPS systems count weeks using a ten-bit parameter, meaning that they start counting at week zero and then reset when they hit week 1,024, or 19.5 years. Because the last reset took place on August 21, 1999, it appears that the next reset will occur on April 6, 2019. This could result in devices resetting their dates and potentially corrupting navigation data, which would throw off location estimates. That means your GPS device could misrepresent your location drastically, because each nanosecond of clock error translates into a foot of location error.
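The ten-bit week counter described above, worked through as an added example (not code from the original post or from any GPS vendor). It shows the week number wrapping to zero, the 1999 date a receiver with a hard-coded era would report, and one common way firmware resolves the ambiguity using a trusted reference date; the function names and the 2015 reference date are assumptions.

```python
from datetime import datetime, timedelta

# Start of GPS week 0, in GPS time (no leap seconds). Week boundaries fall a
# few seconds before UTC midnight, so UTC sources cite the previous day.
GPS_EPOCH = datetime(1980, 1, 6)
ROLLOVER = 1 << 10  # ten-bit field: 1,024 weeks per era


def broadcast_week(date):
    """Ten-bit week number carried in the signal for a given date."""
    full_week = (date - GPS_EPOCH).days // 7
    return full_week % ROLLOVER


def naive_date(week10, era):
    """Start-of-week date computed by firmware that hard-codes the era."""
    return GPS_EPOCH + timedelta(weeks=era * ROLLOVER + week10)


def resolve_date(week10, reference):
    """Choose the era that puts the week at or after a trusted reference
    date (for example the firmware build date). This stays correct for
    1,024 weeks after the reference, which is why old firmware fails."""
    ref_week = (reference - GPS_EPOCH).days // 7
    full_week = ref_week - (ref_week % ROLLOVER) + week10
    if full_week < ref_week:
        full_week += ROLLOVER
    return GPS_EPOCH + timedelta(weeks=full_week)


if __name__ == "__main__":
    week = broadcast_week(datetime(2019, 4, 10))      # counter has wrapped
    print("broadcast week:", week)
    print("hard-coded era 1:", naive_date(week, era=1).date())
    print("resolved with 2015 reference:",
          resolve_date(week, datetime(2015, 1, 1)).date())
```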

So, how does this rollover issue translate into a potential cyberthreat? It turns out that the main fix for this problem is to ensure that your GPS device’s software is up-to-date. However, due to the media attention that this bug is receiving, it’s not far-fetched to speculate that cybercriminals will leverage the issue to target users with phishing attacks. These attacks could come in the form of email notifications referencing the rollover notice and suggesting that users install a fraudulent software patch to fix the issue. The emails could contain a malicious payload that leaves the victim with nasty malware on their device.

While it’s difficult to speculate how exactly cybercriminals will use various events to prey on innocent users, it’s important to be aware of potential threats to help protect your data and safeguard your devices. Check out the following tips to help you spot potential phishing attacks:

  • Validate that the email is from a recognized sender. Always check the validity of signature lines, including the information on the sender’s name, address, and telephone number. If you receive an email from an address that you don’t recognize, it’s best to just delete the email entirely.
  • Hover over links to see and verify the URL. If someone sends you a link to “update your software,” hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.
  • Be cautious of emails asking you to take action. If you receive a message asking you to update your software, don’t click on anything within the message. Instead, go straight to your software provider’s website. This will prevent you from downloading malicious content from phishing links.


The post The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams appeared first on McAfee Blogs.

Scan WordPress websites for vulnerabilities WPScan Kali Linux

WPScan is a black box vulnerability scanner for WordPress websites. WPScan comes pre-installed in Kali Linux. Kali Linux is a popular Linux distribution built on Debian. Kali Linux comes with many of the best ethical hacking tools pre-installed. If you’re not using Kali Linux and you […]

The post Scan WordPress websites for vulnerabilities WPScan Kali Linux appeared first on HackingVision.

New eLearning Learner Levels Streamline Verified Progress

Before customers buy from you, they ask “Can you prove that your application is secure, and that you will protect our data if we give it to you?” Companies around the world struggle to answer this question, especially with the advancement of DevOps and rapid changes/deployment of applications into production. As such, we launched Verified to help you prove to your customers that you adopt security best practices for your applications and the developers that support them on an ongoing basis.

Veracode Verified is a three-tier maturity program that includes several training elements. For example, to reach the Verified Team tier, one requirement is to select and train a security champion. A requirement to reach Verified Continuous is to roll out security fundamentals training to all developers working on an application. 

Veracode Introduces Learning Levels

In order to help companies track the maturity of their eLearning program and their progress toward Verified tiers, Veracode launched learning levels in the eLearning product. The new enhancement to eLearning includes the following:

Learning Levels: There are three levels that individuals can reach within the platform. Each level has a requirement in terms of specific courses a user must complete in order to obtain that level.

Level 1 – Developer Security Fundamentals

Level 2 – Verified Team Security Champion

Level 3 – Verified Continuous Security Champion

Visit our website for more details on developer training.

Platform Badges: There are now badges next to user names that align to the level the user has reached. This allows managers to quickly identify that their teams have met their policy requirements for eLearning.

Certificate: Users can also download a certificate that shows their name, the level they reached, and the date they achieved their status.

Reporting: Managers can download a report for their teams on the levels they achieved and the dates they were achieved.

A Variety of Developer Training that Meets Your Specific Needs

With the increased speed of development, plus security shifting “left,” developers need to catch security-related defects on their own as often as possible. However, most developers have had no opportunities to learn secure coding, in school or on the job. Veracode offers application security leaders the chance to engage developers with various types of training, from self-service eLearning to fully customizable on-site workshops. 

Learn more about proving the security of your development process with our Verified program, and the different training elements needed to become Verified.